Pests of all kinds and their removal: Oxy adware virus (Windows 7)
30.03.2014, 20:30 | #1
Oxy adware virus

Hello first of all, I need your help because I very probably have the Oxy virus on my PC. I cannot remove the programs "Oxy" and "Pilefile reminder" from LADY'S WOOD 2013 UNLIMITED under Programs and Features, even though I am the administrator. Also, every time I start the PC an Oxy program opens, which I close, but then three more open and that's it. At the beginning there was also an Oxy start page in my Google Chrome, which I removed again under Settings, along with the associated extension. I also ran a Malwarebytes Anti-Malware scan and it found a great deal (see attachment).

Windows 7 Ultimate 64-bit SP1
AMD Athlon II X2 250
4.0 GB RAM
AMD Radeon HD 6800 Series

Edited by Vime (30.03.2014, 20:36)
30.03.2014, 21:25 | #2
/// Malwareteam | Oxy adware virus

Hello Vime,

my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes:
Rules for the cleanup procedure
Notes

Once you have read everything, we can begin. Please save all programs to the desktop and run them from there.

Step 1: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Post the following log files in your next reply:
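Added here as an illustration, not part of Jonas's instructions or of FRST itself: a Python triage pass over FRST-style log lines that flags the persistence and hijack indicators this kind of adware leaves behind (AppInit_DLLs entries, MountPoints2 autoruns, start and search pages off an allowlist, registry-forced Chrome extensions, and bursts of newly created scheduled-task files). The sample lines are constructed, modelled on entries from the FRST log posted later in this thread; the host allowlist is an assumption.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) log lines (added example)."""
import re

# Constructed sample, modelled on entries in this thread's FRST.txt.
# FRST writes URLs defanged as hxxp://.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\MountPoints2: {0b1400c0-4adb-11e3-9f77-806e6f6e6963} - D:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396204691&from=mp3
CHR HomePage: hxxp://www.google.com/de
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\KomaKuh\AppData\Local\foxtab_speeddial.crx [2013-11-11]
2014-03-30 20:36 - 2014-03-30 20:36 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy
2014-03-30 20:36 - 2014-03-30 20:36 - 00003576 _____ () C:\Windows\System32\Tasks\PileFile reminder
2014-03-30 20:36 - 2014-03-30 20:36 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Oxy
2014-03-30 21:58 - 2014-03-30 21:58 - 02157056 _____ (Farbar) C:\Users\KomaKuh\Desktop\FRST64.exe
"""

# Assumed allowlist of hosts the user legitimately uses as start/search pages.
URL_HOST_ALLOWLIST = {"www.google.com", "de.msn.com", "www.bing.com"}

RE_APPINIT = re.compile(r"^AppInit_DLLs:\s*(?P<path>\S+)")
RE_MOUNT = re.compile(r"MountPoints2:\s*\{[0-9a-f-]+\}\s*-\s*(?P<cmd>.+)$", re.I)
RE_IE_URL = re.compile(r"Internet Explorer\\Main,(?P<key>[^=]+?)\s*=\s*(?P<url>h(?:xx|tt)ps?://\S+)")
RE_CHR_URL = re.compile(r"^CHR (?P<key>HomePage|StartupUrls|DefaultSearchURL):\s*(?P<url>h(?:xx|tt)ps?://\S+)")
# Extensions pushed through the registry (HKLM/HKCU ...\Chrome\Extension) rather than installed by the user.
RE_CHR_REG_EXT = re.compile(
    r"^CHR HK(?:LM|CU)(?:-x32)?\\\.\.\.\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - (?P<path>.+?) \[\d{4}-\d{2}-\d{2}\]$")
# "One Month Created" entries: created - modified - size attrs (publisher) path
RE_CREATED = re.compile(
    r"^(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} (?P<attr>\S+) \((?P<pub>[^)]*)\) (?P<path>.+)$")


def host_of(url):
    """Return the host part of a (possibly defanged) URL, or None."""
    m = re.match(r"h(?:xx|tt)ps?://([^/?]+)", url)
    return m.group(1).lower() if m else None


def triage(log_text):
    """Return a list of (rule, detail) findings for the given FRST log text."""
    findings = []
    created = []  # (creation minute, path) for clustering
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_APPINIT.match(line)
        if m:  # AppInit_DLLs is loaded into every user-mode process; rarely legitimate
            state = "orphaned (File Not Found)" if "File Not Found" in line else "present"
            findings.append(("appinit_dll", f"{m['path']} {state}"))
            continue
        m = RE_MOUNT.search(line)
        if m:  # autorun command bound to a drive mount point
            findings.append(("mountpoint_autorun", m["cmd"]))
            continue
        m = RE_IE_URL.search(line) or RE_CHR_URL.match(line)
        if m:
            host = host_of(m["url"])
            if host and host not in URL_HOST_ALLOWLIST:
                findings.append(("browser_hijack", f"{m['key'].strip()} -> {host}"))
            continue
        m = RE_CHR_REG_EXT.match(line)
        if m:
            findings.append(("forced_chrome_extension", f"{m['id']} from {m['path']}"))
            continue
        m = RE_CREATED.match(line)
        if m:
            created.append((m["ctime"], m["path"]))
    # Several items created in the same minute as a new scheduled-task file
    # usually point at one installer dropping its persistence in one go.
    task_minutes = {t for t, p in created if "\\System32\\Tasks\\" in p}
    for minute in sorted(task_minutes):
        items = [p for t, p in created if t == minute]
        if len(items) >= 2:
            findings.append(("task_burst", f"{minute}: " + "; ".join(items)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```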
31.03.2014, 13:52 | #3
Oxy adware virus

Thank you for the quick reply,

I have formatted my hard drive quite often before because I didn't feel like struggling with a virus. But I have a lot of downloaded material, e.g. World of Warcraft, which I would rather not download again (time-consuming on a 2k connection). Here are the FRST files.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by KomaKuh (administrator) on KOMAKUH-PC on 30-03-2014 22:01:42 Running from C:\Users\KomaKuh\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek) HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek) HKLM-x32\...\Run: [CloneCDTray] - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) 
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1 HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD) HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung) HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung) HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-268757211-819875313-238986870-1001\...\MountPoints2: {0b1400c0-4adb-11e3-9f77-806e6f6e6963} - D:\SETUP.EXE AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFA610428EBDECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396204691&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396204691&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396204691&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.qone8.com/web/?type=ds&ts=1396204691&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396204691&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396204691&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396204691&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396204691&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms} SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR HomePage: hxxp://www.google.com/de CHR Extension: (Google Docs) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11] CHR Extension: (Google Drive) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11] CHR Extension: (YouTube) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11] CHR Extension: (Adblock Plus) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-11] CHR Extension: (Google-Suche) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11] CHR Extension: (Auto Replay for YouTube™) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2013-11-26] CHR Extension: (Google Wallet) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11] CHR Extension: (Google Mail) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11] CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\KomaKuh\AppData\Local\foxtab_speeddial.crx [2013-11-11] CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\KomaKuh\AppData\Local\foxtab_speeddial.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\KomaKuh\AppData\Local\foxtab_speeddial.crx [2013-11-11] CHR StartMenuInternet: Google Chrome - Chrome.exe ==================== Services (Whitelisted) ================= R2 AMD FUEL 
Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-02-16] (Overwolf LTD) ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) R3 SaiU1703; C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Saitek) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] U4 SR; S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-30 22:01 - 2014-03-30 22:01 - 00011434 _____ () C:\Users\KomaKuh\Desktop\FRST.txt 2014-03-30 21:59 - 2014-03-30 22:01 - 00000000 ____D () C:\FRST 2014-03-30 21:58 - 2014-03-30 21:58 - 02157056 _____ (Farbar) C:\Users\KomaKuh\Desktop\FRST64.exe 2014-03-30 21:29 - 2014-03-30 21:29 - 00002112 _____ () C:\Users\KomaKuh\Desktop\mbam-log-2014-03-30 (20-40-45).txt - Verknüpfung.lnk 2014-03-30 20:39 - 2014-03-30 20:45 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\SupTab 2014-03-30 20:39 - 2014-03-30 20:45 - 00000000 ____D () C:\ProgramData\WPM 2014-03-30 20:38 - 2014-03-30 20:54 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\qone8 2014-03-30 20:36 - 2014-03-30 20:36 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy 2014-03-30 20:36 - 2014-03-30 20:36 - 00003576 _____ () C:\Windows\System32\Tasks\PileFile reminder 2014-03-30 20:36 - 2014-03-30 20:36 - 00003174 _____ () C:\Windows\System32\Tasks\PileFile logon 2014-03-30 20:36 - 2014-03-30 20:36 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Oxy 2014-03-30 20:36 - 2014-03-30 20:36 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy 2014-03-30 12:45 - 2014-03-30 12:45 - 03331554 _____ () C:\Users\Receful\Downloads\15657-svu-gtasa.zip 2014-03-30 12:43 - 2014-03-30 12:43 - 02450164 _____ () C:\Users\Receful\Downloads\15428-ump-45-v-2.0-gtasa.zip 2014-03-30 12:42 - 2014-03-30 12:43 - 02084593 _____ () C:\Users\Receful\Downloads\120744-m1-garand-gtasa.zip 2014-03-30 12:41 - 2014-03-30 12:41 - 03200937 _____ () C:\Users\Receful\Downloads\120535-avtorifle-acw-r-gtasa.zip 2014-03-30 12:34 - 2014-03-30 12:34 - 03282233 _____ () C:\Users\Receful\Downloads\89977-desert-eagle-hd-gtasa.zip 2014-03-30 12:24 - 
2014-03-30 12:24 - 00000000 ____D () C:\Users\Receful\Desktop\Alcis IMG Editor 2014-03-30 12:21 - 2014-03-30 12:21 - 02784984 _____ () C:\Users\Receful\Downloads\Alcis IMG Editor.rar 2014-03-30 11:45 - 2014-03-30 11:52 - 00000301 _____ () C:\Users\Receful\Desktop\Neues Textdokument.txt 2014-03-29 04:23 - 2014-03-29 04:23 - 00000807 _____ () C:\Users\Receful\Downloads\listen.asx 2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft 2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-03-24 22:00 - 2014-03-24 22:03 - 32734976 _____ (DVDVideoSoft Ltd. ) C:\Users\KomaKuh\Downloads\FreeYouTubeDownload.exe 2014-03-23 17:50 - 2014-03-23 17:50 - 01469184 _____ () C:\Users\KomaKuh\Downloads\LOLReplay-0.8.7.exe 2014-03-21 22:23 - 2014-03-21 22:23 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403212123060303.log 2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\ProgramData\ATI 2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-03-21 22:21 - 2014-03-21 22:21 - 00000000 ____D () C:\Program Files\AMD 2014-03-21 21:01 - 2014-03-21 21:22 - 212753896 _____ (Advanced Micro Devices, Inc.) 
C:\Users\KomaKuh\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe 2014-03-18 21:56 - 2014-03-18 21:56 - 00000013 _____ () C:\Users\KomaKuh\Desktop\geil.txt 2014-03-18 16:34 - 2014-03-18 16:34 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-03-18 16:30 - 2014-03-18 16:30 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-03-17 22:58 - 2014-03-17 23:05 - 00000000 ____D () C:\Users\KomaKuh\Desktop\töhöhö 2014-03-17 19:12 - 2014-03-17 19:12 - 00000610 _____ () C:\Users\KomaKuh\Desktop\Süß Sauer Mecces (1).txt 2014-03-17 12:04 - 2014-03-17 12:05 - 00000019 _____ () C:\Users\KomaKuh\Desktop\Ymrionn.txt 2014-03-16 19:17 - 2014-03-16 22:11 - 00035067 _____ () C:\Gothic.RPT 2014-03-16 16:37 - 2014-03-16 17:00 - 00000743 _____ () C:\Users\KomaKuh\Desktop\Ymironn.lnk 2014-03-16 16:37 - 2014-03-16 16:37 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer 2014-03-10 21:49 - 2014-03-19 23:08 - 00000000 ____D () C:\Users\KomaKuh\Desktop\Betriebspraktikum 2014-03-08 23:07 - 2014-03-09 01:28 - 00000000 ____D () C:\Program Files (x86)\Cube World 2014-03-08 23:07 - 2014-03-08 23:07 - 00000000 ____D () C:\ProgramData\Picroma 2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\Documents\SavedGames 2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Rogue Legacy 2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Skype 2014-03-05 11:23 - 2014-03-05 11:46 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Bluestacks 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Program Files (x86)\BlueStacks ==================== One Month Modified Files and Folders ======= 
2014-03-30 22:01 - 2014-03-30 22:01 - 00011434 _____ () C:\Users\KomaKuh\Desktop\FRST.txt 2014-03-30 22:01 - 2014-03-30 21:59 - 00000000 ____D () C:\FRST 2014-03-30 21:58 - 2014-03-30 21:58 - 02157056 _____ (Farbar) C:\Users\KomaKuh\Desktop\FRST64.exe 2014-03-30 21:58 - 2013-11-11 16:40 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-30 21:33 - 2013-11-11 18:33 - 00000296 _____ () C:\Windows\Tasks\FoxTab.job 2014-03-30 21:29 - 2014-03-30 21:29 - 00002112 _____ () C:\Users\KomaKuh\Desktop\mbam-log-2014-03-30 (20-40-45).txt - Verknüpfung.lnk 2014-03-30 21:10 - 2014-01-16 19:46 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Media Player Classic 2014-03-30 21:04 - 2013-11-11 16:16 - 01528404 ____N () C:\Windows\WindowsUpdate.log 2014-03-30 20:54 - 2014-03-30 20:38 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\qone8 2014-03-30 20:54 - 2013-11-11 16:19 - 00001417 _____ () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-30 20:53 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-30 20:53 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-30 20:52 - 2010-11-21 08:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-03-30 20:52 - 2010-11-21 08:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-03-30 20:52 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-30 20:46 - 2013-11-11 16:40 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-30 20:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-30 20:45 - 2014-03-30 20:39 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\SupTab 2014-03-30 20:45 - 2014-03-30 20:39 - 00000000 ____D () C:\ProgramData\WPM 2014-03-30 20:39 - 2011-06-11 02:58 - 00773680 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2014-03-30 20:39 - 2011-06-11 02:58 - 00420912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2014-03-30 20:36 - 2014-03-30 20:36 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy 2014-03-30 20:36 - 2014-03-30 20:36 - 00003576 _____ () C:\Windows\System32\Tasks\PileFile reminder 2014-03-30 20:36 - 2014-03-30 20:36 - 00003174 _____ () C:\Windows\System32\Tasks\PileFile logon 2014-03-30 20:36 - 2014-03-30 20:36 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Oxy 2014-03-30 20:36 - 2014-03-30 20:36 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy 2014-03-30 17:47 - 2013-11-11 21:07 - 00000000 ____D () C:\Users\Receful\AppData\Roaming\TS3Client 2014-03-30 12:45 - 2014-03-30 12:45 - 03331554 _____ () C:\Users\Receful\Downloads\15657-svu-gtasa.zip 2014-03-30 12:43 - 2014-03-30 12:43 - 02450164 _____ () C:\Users\Receful\Downloads\15428-ump-45-v-2.0-gtasa.zip 2014-03-30 12:43 - 2014-03-30 12:42 - 02084593 _____ () C:\Users\Receful\Downloads\120744-m1-garand-gtasa.zip 2014-03-30 12:41 - 2014-03-30 12:41 - 03200937 _____ () C:\Users\Receful\Downloads\120535-avtorifle-acw-r-gtasa.zip 2014-03-30 12:34 - 2014-03-30 12:34 - 03282233 _____ () C:\Users\Receful\Downloads\89977-desert-eagle-hd-gtasa.zip 2014-03-30 12:24 - 2014-03-30 12:24 - 00000000 ____D () C:\Users\Receful\Desktop\Alcis IMG Editor 2014-03-30 12:21 - 2014-03-30 12:21 - 02784984 _____ () C:\Users\Receful\Downloads\Alcis IMG Editor.rar 2014-03-30 11:52 - 2014-03-30 11:45 - 00000301 _____ () C:\Users\Receful\Desktop\Neues Textdokument.txt 2014-03-30 08:54 - 2013-11-12 22:13 - 00000000 ____D () C:\Users\Receful\AppData\Roaming\Spotify 2014-03-30 08:40 - 2013-11-24 15:16 - 00000000 ____D () C:\Users\Receful\AppData\Local\Overwolf 2014-03-30 03:37 - 2013-11-11 19:09 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\TS3Client 2014-03-30 03:19 - 2013-12-08 21:17 - 00000000 ____D () 
C:\Users\KomaKuh\AppData\Local\Battle.net 2014-03-29 23:42 - 2014-01-06 22:30 - 00000000 ____D () C:\Program Files (x86)\osu! 2014-03-29 23:31 - 2013-11-11 19:33 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Skype 2014-03-29 08:09 - 2013-11-11 22:16 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-29 08:00 - 2013-11-12 22:16 - 00000000 ____D () C:\Users\Receful\AppData\Local\Spotify 2014-03-29 04:23 - 2014-03-29 04:23 - 00000807 _____ () C:\Users\Receful\Downloads\listen.asx 2014-03-25 17:21 - 2013-11-11 18:45 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft 2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-03-24 22:03 - 2014-03-24 22:00 - 32734976 _____ (DVDVideoSoft Ltd. ) C:\Users\KomaKuh\Downloads\FreeYouTubeDownload.exe 2014-03-23 17:51 - 2014-02-21 21:27 - 00000000 ____D () C:\Program Files (x86)\LOLReplay 2014-03-23 17:50 - 2014-03-23 17:50 - 01469184 _____ () C:\Users\KomaKuh\Downloads\LOLReplay-0.8.7.exe 2014-03-23 16:30 - 2013-11-30 01:31 - 00000000 ____D () C:\Users\Receful\AppData\Local\PMB Files 2014-03-23 16:30 - 2013-11-30 01:31 - 00000000 ____D () C:\ProgramData\PMB Files 2014-03-23 08:42 - 2013-11-24 15:23 - 00000000 ____D () C:\Program Files (x86)\Overwolf 2014-03-21 22:23 - 2014-03-21 22:23 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403212123060303.log 2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\ProgramData\ATI 2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-03-21 22:23 - 2013-11-11 17:16 - 00000000 ____D () C:\ProgramData\AMD 2014-03-21 22:22 - 2013-11-11 16:31 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-03-21 22:21 - 2014-03-21 22:21 - 00000000 ____D () C:\Program Files\AMD 2014-03-21 22:18 - 2013-11-11 16:26 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-21 22:15 - 
2013-12-08 21:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-21 21:22 - 2014-03-21 21:01 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\KomaKuh\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe 2014-03-19 23:08 - 2014-03-10 21:49 - 00000000 ____D () C:\Users\KomaKuh\Desktop\Betriebspraktikum 2014-03-18 21:56 - 2014-03-18 21:56 - 00000013 _____ () C:\Users\KomaKuh\Desktop\geil.txt 2014-03-18 17:21 - 2013-11-11 17:20 - 00000000 ____D () C:\Users\KomaKuh\Desktop\hintergrund 2014-03-18 17:19 - 2014-02-12 10:51 - 00000000 ____D () C:\Users\KomaKuh\Documents\SelfMV 2014-03-18 16:34 - 2014-03-18 16:34 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-03-18 16:30 - 2014-03-18 16:30 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-03-17 23:05 - 2014-03-17 22:58 - 00000000 ____D () C:\Users\KomaKuh\Desktop\töhöhö 2014-03-17 22:26 - 2013-12-08 21:21 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-17 19:12 - 2014-03-17 19:12 - 00000610 _____ () C:\Users\KomaKuh\Desktop\Süß Sauer Mecces (1).txt 2014-03-17 12:05 - 2014-03-17 12:04 - 00000019 _____ () C:\Users\KomaKuh\Desktop\Ymrionn.txt 2014-03-17 11:30 - 2014-01-01 18:54 - 00000000 ____D () C:\Gothic II 2014-03-16 22:11 - 2014-03-16 19:17 - 00035067 _____ () C:\Gothic.RPT 2014-03-16 17:00 - 2014-03-16 16:37 - 00000743 _____ () C:\Users\KomaKuh\Desktop\Ymironn.lnk 2014-03-16 16:56 - 2014-01-01 18:54 - 00000000 ____D () C:\Program Files (x86)\JoWooD 2014-03-16 16:37 - 2014-03-16 16:37 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer 2014-03-09 01:28 - 2014-03-08 23:07 - 00000000 ____D () C:\Program Files (x86)\Cube World 2014-03-08 23:07 - 2014-03-08 23:07 - 00000000 ____D () C:\ProgramData\Picroma 2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\Documents\SavedGames 2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Rogue Legacy 2014-03-06 12:34 - 
2014-03-06 12:34 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Skype 2014-03-06 12:34 - 2013-11-11 19:33 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 12:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-03-05 11:46 - 2014-03-05 11:23 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-05 11:24 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Bluestacks 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Program Files (x86)\BlueStacks Some content of TEMP: ==================== C:\Users\KomaKuh\AppData\Local\Temp\htmlayout.dll C:\Users\KomaKuh\AppData\Local\Temp\tmp3534.exe C:\Users\KomaKuh\AppData\Local\Temp\tmpD8B1.exe C:\Users\Receful\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Receful\AppData\Local\Temp\WTFastSetupOW.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2010-11-21 05:24] - [2011-03-09 18:01] - 2872320 ____A (Microsoft Corporation) 9FF4D976D1696F114A5738842C1C45FF C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 20:15 ==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by KomaKuh at 2014-03-30 22:02:00 Running from C:\Users\KomaKuh\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 10,000,000 (HKLM-x32\...\Steam App 227580) (Version: - EightyEightGames) 123 Free Solitaire v10.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version: - TreeCardGames) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{18BBF24A-6D04-4CA4-B6B4-1CF372162EEC}) (Version: 10.2.152.32 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.6.3059 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{62763BAD-53A8-4C9F-B4CF-7CCABFEFD725}) (Version: 0.8.6.3059 - BlueStack Systems, Inc.) 
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch) Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.04 - Piriform) CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma) Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version: - Michael Todd Games) Final Exam (HKLM-x32\...\Steam App 233190) (Version: - Mighty Rocket Studio) Foxtab (HKLM-x32\...\foxtab) (Version: - FoxTab) <==== ATTENTION Free YouTube Download version 3.2.30.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.30.319 - DVDVideoSoft Ltd.) Game Booster (HKLM-x32\...\Game Booster_is1) (Version: 2.3.0.0 - IObit) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) 
Hidden Gothic II - Die Nacht des Raben (HKLM-x32\...\Gothic II - Die Nacht des Raben) (Version: - JoWooD Productions Software AG) Gothic II (HKLM-x32\...\Gothic II) (Version: - JoWooD Productions Software AG) Gothic II Addon-Datenbank (HKCU\...\www.mondgesaenge.de - G2ADB) (Version: 3.0 Beta - www.mondgesaenge.de) Gothic Multiplayer (HKLM-x32\...\Gothic Multiplayer) (Version: 0.1.9 - Gothic Multiplayer Team) Hammerwatch (HKLM-x32\...\Steam App 239070) (Version: - ) HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HydraVision (x32 Version: 4.2.108.0 - ATI Technologies Inc.) Hidden Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive) Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version: - Big Huge Games) K-Lite Codec Pack (64-bit) v4.5.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.5.0 - ) K-Lite Codec Pack 7.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - ) Launcher omfg.gg (HKCU\...\93bb1775721ec2cc) (Version: 1.0.0.5 - omfg.gg) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality) LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.7 - www.leaguereplays.com) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU 
Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable 
(x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MTA:SA v1.3.4 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.4 - Multi Theft Auto) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Overwolf (HKLM-x32\...\{FE8E927E-8099-4C6B-A337-1CAB00E213C7}) (Version: 0.50.310 - Overwolf) Oxy (HKCU\...\{9AAF2503-6CD5-414A-B5BA-37639B76C91F}) (Version: - LADY'S WOOD 2013 LIMITED) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) 
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version: - LADY'S WOOD 2013 LIMITED)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Spectraball (HKLM-x32\...\Steam App 18300) (Version: - Shorebound Studios)
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strike Suit Infinity (HKLM-x32\...\Steam App 234160) (Version: - Born Ready Games Ltd.)
Super Crate Box (HKLM-x32\...\Steam App 212800) (Version: - Vlambeer)
Super Hexagon (HKLM-x32\...\Super Hexagon_is1) (Version: 1.0 - compiled by testncrash)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Restore Points =========================

17-03-2014 12:41:20 Geplanter Prüfpunkt
21-03-2014 20:16:33 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
21-03-2014 20:20:06 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03BFB27F-3E9D-45DD-A900-065081B91E88} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {1946DDF7-9952-4115-B24B-124D9A1D8AF7} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {2555299A-F3E4-4ACD-85BB-9D87DB096EA9} - System32\Tasks\PileFile logon => C:\Users\KomaKuh\AppData\Local\Temp\Goat SimulatorDownload_D1BD\Goat_Simulator_Downloader.exe [2014-03-30] () <==== ATTENTION
Task: {3369FF24-689C-4E71-AE83-81756113BEC1} - System32\Tasks\ASUS\i-Setup153131 => C:\Windows\AMD_Chipset_V307320_Windows7\AsusSetup.exe [2008-08-01] (ASUSTek)
Task: {412E6711-57A1-47A1-BB04-5E52DBE534D7} - System32\Tasks\PileFile reminder => C:\Users\KomaKuh\AppData\Local\Temp\Goat SimulatorDownload_D1BD\Goat_Simulator_Downloader.exe [2014-03-30] () <==== ATTENTION
Task: {733A5972-9BBA-4AFB-AA36-34AE5D37118F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {A4C75C85-C9DF-41A5-9630-45E29744BC9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.)
Task: {BF8C3626-AE7C-4F2A-8F1A-C5BD3C02D153} - System32\Tasks\Oxy => C:\Users\KomaKuh\AppData\Roaming\Oxy\Updater.exe [2014-03-30] () <==== ATTENTION
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {E1CF9038-4982-432F-B54D-C5031EC75380} - System32\Tasks\FoxTab => C:\Users\KomaKuh\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\KomaKuh\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-15 17:00 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 17:00 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 17:00 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 17:00 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 17:00 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 17:00 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 17:00 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\Users\KomaKuh\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\KomaKuh\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Receful\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Receful\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2014 08:47:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 08:46:06 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/30/2014 08:40:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 08:39:03 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/29/2014 02:57:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 02:56:04 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 04:33:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 04:31:29 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 06:42:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 06:40:40 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (03/30/2014 08:46:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/30/2014 08:39:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/29/2014 02:56:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/28/2014 04:31:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/27/2014 06:40:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/26/2014 07:57:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/25/2014 04:12:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/24/2014 05:47:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/23/2014 08:41:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (03/22/2014 03:39:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064


Microsoft Office Sessions:
=========================
Error: (03/30/2014 08:47:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 08:46:06 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/30/2014 08:40:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 08:39:03 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/29/2014 02:57:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 02:56:04 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 04:33:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 04:31:29 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 06:42:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 06:40:40 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 4095.11 MB
Available physical RAM: 2498.95 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 6230.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:714.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1B163557)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
31.03.2014, 18:00 | #4
/// Malwareteam | Werbevirus Oxy
Hi,
Quote:
Quote:
Step 1
Please uninstall the following programs:

Windows XP: Start -> Control Panel -> select Category View (if not already set) -> Add or Remove Programs, and select the listed programs. Click Remove (Windows XP) or Uninstall (Windows Vista/7/8).

Step 2
Please download AdwCleaner to your desktop.

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool on your desktop.
SystemLook (64 bit)

Step 4
Run FRST once more.

Post the following log files in your next reply:

__________________
Regards, Jonas
31.03.2014, 19:14 | #5
Werbevirus Oxy
When I tried to post the SystemLook file, my browser hung several times and simply would not submit my post because there is so much text in it. Should I just put the SystemLook file in an attachment instead? And thanks again, Jonas, you really reassured me.
31.03.2014, 19:16 | #6
/// Malwareteam | Werbevirus Oxy
Quote:
__________________
31.03.2014, 19:38 | #7
Werbevirus Oxy
Hey, thanks, the files are coming right away.
Code:
# AdwCleaner v3.022 - Bericht erstellt am 31/03/2014 um 19:13:50
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : KomaKuh - KOMAKUH-PC
# Gestartet von : C:\Users\KomaKuh\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : desksvc
Dienst Gelöscht : IePluginService
Dienst Gelöscht : Wpm

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
Ordner Gelöscht : C:\Program Files (x86)\Desk 365
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Users\KomaKuh\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\KomaKuh\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\KomaKuh\AppData\Roaming\Oxy
Ordner Gelöscht : C:\Users\KomaKuh\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Ordner Gelöscht : C:\Users\Receful\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Receful\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Datei Gelöscht : C:\Windows\Tasks\FoxTab.job
Datei Gelöscht : C:\Windows\System32\Tasks\FoxTab

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Desk 365]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Escolade
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\qone8Software
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ Datei : C:\Users\Receful\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8664 octets] - [31/03/2014 19:11:44]
AdwCleaner[R1].txt - [8724 octets] - [31/03/2014 19:12:59]
AdwCleaner[S0].txt - [6791 octets] - [31/03/2014 19:13:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6851 octets] ##########

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by KomaKuh (administrator) on KOMAKUH-PC on 31-03-2014 19:55:13
Running from C:\Users\KomaKuh\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\deskSvc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [CloneCDTray] - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [1017904 2014-03-31] (337 Technology Limited.)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\MountPoints2: {0b1400c0-4adb-11e3-9f77-806e6f6e6963} - D:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [96768 2014-03-05] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)
==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFA610428EBDECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/de
CHR Extension: (Google Docs) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11]
CHR Extension: (Google Drive) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11]
CHR Extension: (YouTube) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Adblock Plus) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-11]
CHR Extension: (Google-Suche) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (Google Mail) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-31]
CHR StartMenuInternet: Google Chrome - Chrome.exe
==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
R2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [425008 2014-03-31] (337 Technology Limited.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [515584 2014-03-17] (Cherished Technololgy LIMITED)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-02-16] (Overwolf LTD)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-31] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1703; C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Saitek)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
U4 SR; 
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-31 19:55 - 2014-03-31 19:55 - 00013548 _____ () C:\Users\KomaKuh\Desktop\FRST.txt
2014-03-31 19:30 - 2014-03-31 19:30 - 00018048 _____ () C:\Users\KomaKuh\Downloads\Benotungsschema Praktikumsmappe 9.odt
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\SupTab
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Desk 365
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\WPM
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Program Files (x86)\Desk 365
2014-03-31 19:16 - 2014-03-31 19:53 - 07376130 _____ () C:\Users\KomaKuh\Desktop\SystemLook.txt
2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
2014-03-31 19:15 - 2014-03-31 19:16 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Oxy
2014-03-31 19:15 - 2014-03-31 19:15 - 00165376 _____ () C:\Users\KomaKuh\Desktop\SystemLook_x64.exe
2014-03-31 19:11 - 2014-03-31 19:14 - 00000000 ____D () C:\AdwCleaner
2014-03-31 19:09 - 2014-03-31 19:12 - 00000475 _____ () C:\Users\KomaKuh\Desktop\Neues Textdokument (4).txt
2014-03-31 19:09 - 2014-03-31 19:09 - 01950720 _____ () C:\Users\KomaKuh\Desktop\adwcleaner.exe
2014-03-31 15:48 - 2014-03-31 15:48 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appadaumen.de
2014-03-31 15:47 - 2014-03-31 15:48 - 00000000 ____D () C:\Users\KomaKuh\Downloads\mausi 3
2014-03-31 15:47 - 2014-03-31 15:47 - 00270615 _____ () C:\Users\KomaKuh\Downloads\Mausi3.zip
2014-03-31 15:27 - 2014-03-31 15:28 - 00000000 ____D () C:\Users\KomaKuh\Desktop\saves FRST
2014-03-31 14:40 - 2014-03-31 19:14 - 00000224 _____ () C:\Windows\setupact.log
2014-03-31 14:40 - 2014-03-31 14:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-30 21:59 - 2014-03-31 19:55 - 00000000 ____D () C:\FRST
2014-03-30 21:58 - 2014-03-30 21:58 - 02157056 _____ (Farbar) C:\Users\KomaKuh\Desktop\FRST64.exe
2014-03-30 20:38 - 2014-03-30 20:54 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\qone8
2014-03-30 20:36 - 2014-03-30 20:36 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy
2014-03-30 20:36 - 2014-03-30 20:36 - 00003576 _____ () C:\Windows\System32\Tasks\PileFile reminder
2014-03-30 20:36 - 2014-03-30 20:36 - 00003174 _____ () C:\Windows\System32\Tasks\PileFile logon
2014-03-30 12:45 - 2014-03-30 12:45 - 03331554 _____ () C:\Users\Receful\Downloads\15657-svu-gtasa.zip
2014-03-30 12:43 - 2014-03-30 12:43 - 02450164 _____ () C:\Users\Receful\Downloads\15428-ump-45-v-2.0-gtasa.zip
2014-03-30 12:42 - 2014-03-30 12:43 - 02084593 _____ () C:\Users\Receful\Downloads\120744-m1-garand-gtasa.zip
2014-03-30 12:41 - 2014-03-30 12:41 - 03200937 _____ () C:\Users\Receful\Downloads\120535-avtorifle-acw-r-gtasa.zip
2014-03-30 12:34 - 2014-03-30 12:34 - 03282233 _____ () C:\Users\Receful\Downloads\89977-desert-eagle-hd-gtasa.zip
2014-03-30 12:24 - 2014-03-30 12:24 - 00000000 ____D () C:\Users\Receful\Desktop\Alcis IMG Editor
2014-03-30 12:21 - 2014-03-30 12:21 - 02784984 _____ () C:\Users\Receful\Downloads\Alcis IMG Editor.rar
2014-03-30 11:45 - 2014-03-30 11:52 - 00000301 _____ () C:\Users\Receful\Desktop\Neues Textdokument.txt
2014-03-29 04:23 - 2014-03-29 04:23 - 00000807 _____ () C:\Users\Receful\Downloads\listen.asx
2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft
2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-03-24 22:00 - 2014-03-24 22:03 - 32734976 _____ (DVDVideoSoft Ltd. ) C:\Users\KomaKuh\Downloads\FreeYouTubeDownload.exe
2014-03-23 17:50 - 2014-03-23 17:50 - 01469184 _____ () C:\Users\KomaKuh\Downloads\LOLReplay-0.8.7.exe
2014-03-21 22:23 - 2014-03-21 22:23 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403212123060303.log
2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\ProgramData\ATI
2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-21 22:21 - 2014-03-21 22:21 - 00000000 ____D () C:\Program Files\AMD
2014-03-21 21:01 - 2014-03-21 21:22 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\KomaKuh\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe
2014-03-18 21:56 - 2014-03-18 21:56 - 00000013 _____ () C:\Users\KomaKuh\Desktop\geil.txt
2014-03-18 16:34 - 2014-03-18 16:34 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-03-18 16:30 - 2014-03-18 16:30 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-17 22:58 - 2014-03-17 23:05 - 00000000 ____D () C:\Users\KomaKuh\Desktop\töhöhö
2014-03-17 19:12 - 2014-03-17 19:12 - 00000610 _____ () C:\Users\KomaKuh\Desktop\Süß Sauer Mecces (1).txt
2014-03-17 12:04 - 2014-03-17 12:05 - 00000019 _____ () C:\Users\KomaKuh\Desktop\Ymrionn.txt
2014-03-16 19:17 - 2014-03-16 22:11 - 00035067 _____ () C:\Gothic.RPT
2014-03-16 16:37 - 2014-03-16 17:00 - 00000743 _____ () C:\Users\KomaKuh\Desktop\Ymironn.lnk
2014-03-16 16:37 - 2014-03-16 16:37 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer
2014-03-10 21:49 - 2014-03-31 19:42 - 00000000 ____D () C:\Users\KomaKuh\Desktop\Betriebspraktikum
2014-03-08 23:07 - 2014-03-09 01:28 - 00000000 ____D () C:\Program Files (x86)\Cube World
2014-03-08 23:07 - 2014-03-08 23:07 - 00000000 ____D () C:\ProgramData\Picroma
2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\Documents\SavedGames
2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Rogue Legacy
2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Skype
2014-03-05 11:23 - 2014-03-05 11:46 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Bluestacks
2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

==================== One Month Modified Files and Folders =======

2014-03-31 19:55 - 2014-03-31 19:55 - 00013548 _____ () C:\Users\KomaKuh\Desktop\FRST.txt
2014-03-31 19:55 - 2014-03-30 21:59 - 00000000 ____D () C:\FRST
2014-03-31 19:53 - 2014-03-31 19:16 - 07376130 _____ () C:\Users\KomaKuh\Desktop\SystemLook.txt
2014-03-31 19:44 - 2013-11-27 19:46 - 00000000 ____D () C:\Users\KomaKuh\Desktop\Bewerbung
2014-03-31 19:42 - 2014-03-10 21:49 - 00000000 ____D () C:\Users\KomaKuh\Desktop\Betriebspraktikum
2014-03-31 19:30 - 2014-03-31 19:30 - 00018048 _____ () C:\Users\KomaKuh\Downloads\Benotungsschema Praktikumsmappe 9.odt
2014-03-31 19:22 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:22 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:20 - 2010-11-21 08:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 19:20 - 2010-11-21 08:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 19:20 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\SupTab
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Desk 365
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\WPM
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Program Files (x86)\Desk 365
2014-03-31 19:19 - 2011-06-11 02:58 - 00773680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-03-31 19:19 - 2011-06-11 02:58 - 00420912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
2014-03-31 19:16 - 2014-03-31 19:15 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Oxy
2014-03-31 19:16 - 2013-11-11 16:19 - 00001201 _____ () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-31 19:15 - 2014-03-31 19:15 - 00165376 _____ () C:\Users\KomaKuh\Desktop\SystemLook_x64.exe
2014-03-31 19:14 - 2014-03-31 19:11 - 00000000 ____D () C:\AdwCleaner
2014-03-31 19:14 - 2014-03-31 14:40 - 00000224 _____ () C:\Windows\setupact.log
2014-03-31 19:14 - 2013-11-11 16:40 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 19:14 - 2013-11-11 16:16 - 01535008 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 19:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 19:12 - 2014-03-31 19:09 - 00000475 _____ () C:\Users\KomaKuh\Desktop\Neues Textdokument (4).txt
2014-03-31 19:09 - 2014-03-31 19:09 - 01950720 _____ () C:\Users\KomaKuh\Desktop\adwcleaner.exe
2014-03-31 19:06 - 2013-11-11 16:40 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 18:46 - 2013-11-11 19:33 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Skype
2014-03-31 15:48 - 2014-03-31 15:48 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appadaumen.de
2014-03-31 15:48 - 2014-03-31 15:47 - 00000000 ____D () C:\Users\KomaKuh\Downloads\mausi 3
2014-03-31 15:48 - 2013-11-17 17:32 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Deployment
2014-03-31 15:47 - 2014-03-31 15:47 - 00270615 _____ () C:\Users\KomaKuh\Downloads\Mausi3.zip
2014-03-31 15:28 - 2014-03-31 15:27 - 00000000 ____D () C:\Users\KomaKuh\Desktop\saves FRST
2014-03-31 15:23 - 2013-11-11 22:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-31 15:01 - 2013-11-11 16:40 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 15:01 - 2013-11-11 16:40 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 14:50 - 2013-12-08 21:17 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Battle.net
2014-03-31 14:40 - 2014-03-31 14:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-30 21:58 - 2014-03-30 21:58 - 02157056 _____ (Farbar) C:\Users\KomaKuh\Desktop\FRST64.exe
2014-03-30 21:10 - 2014-01-16 19:46 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Media Player Classic
2014-03-30 20:54 - 2014-03-30 20:38 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\qone8
2014-03-30 20:36 - 2014-03-30 20:36 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy
2014-03-30 20:36 - 2014-03-30 20:36 - 00003576 _____ () C:\Windows\System32\Tasks\PileFile reminder
2014-03-30 20:36 - 2014-03-30 20:36 - 00003174 _____ () C:\Windows\System32\Tasks\PileFile logon
2014-03-30 17:47 - 2013-11-11 21:07 - 00000000 ____D () C:\Users\Receful\AppData\Roaming\TS3Client
2014-03-30 12:45 - 2014-03-30 12:45 - 03331554 _____ () C:\Users\Receful\Downloads\15657-svu-gtasa.zip
2014-03-30 12:43 - 2014-03-30 12:43 - 02450164 _____ () C:\Users\Receful\Downloads\15428-ump-45-v-2.0-gtasa.zip
2014-03-30 12:43 - 2014-03-30 12:42 - 02084593 _____ () C:\Users\Receful\Downloads\120744-m1-garand-gtasa.zip
2014-03-30 12:41 - 2014-03-30 12:41 - 03200937 _____ () C:\Users\Receful\Downloads\120535-avtorifle-acw-r-gtasa.zip
2014-03-30 12:34 - 2014-03-30 12:34 - 03282233 _____ () C:\Users\Receful\Downloads\89977-desert-eagle-hd-gtasa.zip
2014-03-30 12:24 - 2014-03-30 12:24 - 00000000 ____D () C:\Users\Receful\Desktop\Alcis IMG Editor
2014-03-30 12:21 - 2014-03-30 12:21 - 02784984 _____ () C:\Users\Receful\Downloads\Alcis IMG Editor.rar
2014-03-30 11:52 - 2014-03-30 11:45 - 00000301 _____ () C:\Users\Receful\Desktop\Neues Textdokument.txt
2014-03-30 08:54 - 2013-11-12 22:13 - 00000000 ____D () C:\Users\Receful\AppData\Roaming\Spotify
2014-03-30 08:40 - 2013-11-24 15:16 - 00000000 ____D () C:\Users\Receful\AppData\Local\Overwolf
2014-03-30 03:37 - 2013-11-11 19:09 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\TS3Client
2014-03-29 23:42 - 2014-01-06 22:30 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-03-29 08:00 - 2013-11-12 22:16 - 00000000 ____D () C:\Users\Receful\AppData\Local\Spotify
2014-03-29 04:23 - 2014-03-29 04:23 - 00000807 _____ () C:\Users\Receful\Downloads\listen.asx
2014-03-25 17:21 - 2013-11-11 18:45 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft
2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-03-24 22:03 - 2014-03-24 22:00 - 32734976 _____ (DVDVideoSoft Ltd. ) C:\Users\KomaKuh\Downloads\FreeYouTubeDownload.exe
2014-03-23 17:51 - 2014-02-21 21:27 - 00000000 ____D () C:\Program Files (x86)\LOLReplay
2014-03-23 17:50 - 2014-03-23 17:50 - 01469184 _____ () C:\Users\KomaKuh\Downloads\LOLReplay-0.8.7.exe
2014-03-23 16:30 - 2013-11-30 01:31 - 00000000 ____D () C:\Users\Receful\AppData\Local\PMB Files
2014-03-23 16:30 - 2013-11-30 01:31 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-23 08:42 - 2013-11-24 15:23 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-03-21 22:23 - 2014-03-21 22:23 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403212123060303.log
2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\ProgramData\ATI
2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-21 22:23 - 2013-11-11 17:16 - 00000000 ____D () C:\ProgramData\AMD
2014-03-21 22:22 - 2013-11-11 16:31 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-03-21 22:21 - 2014-03-21 22:21 - 00000000 ____D () C:\Program Files\AMD
2014-03-21 22:18 - 2013-11-11 16:26 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-21 22:15 - 2013-12-08 21:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-21 21:22 - 2014-03-21 21:01 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\KomaKuh\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe
2014-03-18 21:56 - 2014-03-18 21:56 - 00000013 _____ () C:\Users\KomaKuh\Desktop\geil.txt
2014-03-18 17:21 - 2013-11-11 17:20 - 00000000 ____D () C:\Users\KomaKuh\Desktop\hintergrund
2014-03-18 17:19 - 2014-02-12 10:51 - 00000000 ____D () C:\Users\KomaKuh\Documents\SelfMV
2014-03-18 16:34 - 2014-03-18 16:34 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-03-18 16:30 - 2014-03-18 16:30 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-17 23:05 - 2014-03-17 22:58 - 00000000 ____D () C:\Users\KomaKuh\Desktop\töhöhö
2014-03-17 22:26 - 2013-12-08 21:21 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-17 19:12 - 2014-03-17 19:12 - 00000610 _____ () C:\Users\KomaKuh\Desktop\Süß Sauer Mecces (1).txt
2014-03-17 12:05 - 2014-03-17 12:04 - 00000019 _____ () C:\Users\KomaKuh\Desktop\Ymrionn.txt
2014-03-17 11:30 - 2014-01-01 18:54 - 00000000 ____D () C:\Gothic II
2014-03-16 22:11 - 2014-03-16 19:17 - 00035067 _____ () C:\Gothic.RPT
2014-03-16 17:00 - 2014-03-16 16:37 - 00000743 _____ () C:\Users\KomaKuh\Desktop\Ymironn.lnk
2014-03-16 16:56 - 2014-01-01 18:54 - 00000000 ____D () C:\Program Files (x86)\JoWooD
2014-03-16 16:37 - 2014-03-16 16:37 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer
2014-03-09 01:28 - 2014-03-08 23:07 - 00000000 ____D () C:\Program Files (x86)\Cube World
2014-03-08 23:07 - 2014-03-08 23:07 - 00000000 ____D () C:\ProgramData\Picroma
2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\Documents\SavedGames
2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Rogue Legacy
2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Skype
2014-03-06 12:34 - 2013-11-11 19:33 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 12:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-03-05 11:46 - 2014-03-05 11:23 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-03-05 11:24 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Bluestacks
2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

Some content of TEMP:
====================
C:\Users\KomaKuh\AppData\Local\Temp\57638uninstall.exe
C:\Users\KomaKuh\AppData\Local\Temp\93696uninstall.exe
C:\Users\KomaKuh\AppData\Local\Temp\htmlayout.dll
C:\Users\KomaKuh\AppData\Local\Temp\Quarantine.exe
C:\Users\KomaKuh\AppData\Local\Temp\setup.exe
C:\Users\KomaKuh\AppData\Local\Temp\Sqlite3.dll
C:\Users\KomaKuh\AppData\Local\Temp\tmp3534.exe
C:\Users\KomaKuh\AppData\Local\Temp\tmp5552.exe
C:\Users\KomaKuh\AppData\Local\Temp\tmp6A48.exe
C:\Users\KomaKuh\AppData\Local\Temp\tmpD8B1.exe
C:\Users\Receful\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Receful\AppData\Local\Temp\WTFastSetupOW.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe [2010-11-21 05:24] - [2011-03-09 18:01] - 2872320 ____A (Microsoft Corporation) 9FF4D976D1696F114A5738842C1C45FF
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 20:15

==================== End Of Log ============================
--- --- --- --- --- ---

But there is a small problem: the SystemLook file is 7.02 MB, and the maximum size for txt files is about 97.07 KB. Never mind, I'll try uploading it again via a post. OK, when I try to upload it via a post, it loads up to 100 %, then tries to send it, and then my view in the tab is just white. Here is the link to it http://www.trojaner-board.de/newrepl...reply&t=151756 |
31.03.2014, 19:40 | #8 |
/// Malwareteam | Adware virus Oxy Quote:
__________________ Regards, Jonas |
31.03.2014, 20:38 | #9 |
| Adware virus Oxy All right, I actually wanted to ask whether I should upload it somewhere else, but that's fine by me. Oh, and I just noticed that Google Chrome is quite often running in the process list even though I have closed it. When I end the processes, they start again automatically after about 5 seconds. :O |
01.04.2014, 14:32 | #10 |
/// Malwareteam | Adware virus Oxy OK, then let's continue like this:

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
R2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [425008 2014-03-31] (337 Technology Limited.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [515584 2014-03-17] (Cherished Technololgy LIMITED)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-31] (Cherished Technololgy LIMITED)
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\deskSvc.exe
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [1017904 2014-03-31] (337 Technology Limited.)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [96768 2014-03-05] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-31]
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\SupTab
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Desk 365
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\WPM
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Program Files (x86)\Desk 365
2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
2014-03-31 19:15 - 2014-03-31 19:16 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Oxy
2014-03-30 20:38 - 2014-03-30 20:54 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\qone8
2014-03-30 20:36 - 2014-03-30 20:36 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy
2014-03-30 20:36 - 2014-03-30 20:36 - 00003576 _____ () C:\Windows\System32\Tasks\PileFile reminder
2014-03-30 20:36 - 2014-03-30 20:36 - 00003174 _____ () C:\Windows\System32\Tasks\PileFile logon
Task: {BF8C3626-AE7C-4F2A-8F1A-C5BD3C02D153} - System32\Tasks\Oxy => C:\Users\KomaKuh\AppData\Roaming\Oxy\Updater.exe [2014-03-30] () <==== ATTENTION

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Run FRST once more.
Post the following logfiles in your next reply:
__________________ Regards, Jonas |
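What the helper is doing by hand when assembling that fixlist is sorting FRST findings by the mechanism each one uses to survive a reboot: services, Run keys, Explorer policies, AppInit_DLLs, Internet Explorer start and search pages, SearchScopes, a BHO, a Chrome extension, freshly created folders, and a scheduled task. The script below is an added example, not part of this thread and not FRST's own code: it parses lines in the format shown above and groups them by that persistence mechanism, so a reader can review such a list category by category instead of scanning a wall of text. The regular expressions, the category names and the helper functions (`vendor_of`, `triage`, `vendors`, `unsigned_or_flagged`) are this example's own assumptions about the line layout; the sample lines are copied from the fixlist posted in the thread.

```python
"""Triage helper for FRST-style log lines (added example; not part of the
thread and not FRST's own code). Groups each line by the persistence
mechanism it describes. All regexes and category names are this example's
own assumptions about FRST's line layout."""
import re
from collections import defaultdict

# Sample input: a subset of the fixlist lines posted in the thread.
SAMPLE = r"""
R2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [425008 2014-03-31] (337 Technology Limited.)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-31] (Cherished Technololgy LIMITED)
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [1017904 2014-03-31] (337 Technology Limited.)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [96768 2014-03-05] (Skytech Co., Ltd.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-31]
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
Task: {BF8C3626-AE7C-4F2A-8F1A-C5BD3C02D153} - System32\Tasks\Oxy => C:\Users\KomaKuh\AppData\Roaming\Oxy\Updater.exe [2014-03-30] () <==== ATTENTION
"""

# (category, pattern), tried in order; the first match wins.
RULES = [
    ("service",        re.compile(r"^[RS]\d [^;]+; (?P<path>.+?) \[")),
    ("run_key",        re.compile(r"\\Run: \[(?P<name>[^\]]*)\] - (?P<path>.+?) \[")),
    ("policy",         re.compile(r"\\Policies\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<value>\S+)")),
    ("appinit_dll",    re.compile(r"^AppInit_DLLs(?:-x32)?: .*?=> (?P<path>.+?) \[")),
    ("ie_main",        re.compile(r"Internet Explorer\\Main,(?P<name>[^=]+?) = (?P<url>\S*)")),
    ("searchscope",    re.compile(r"^SearchScopes: .*?URL =\s*(?P<url>\S*)")),
    ("bho",            re.compile(r"^BHO(?:-x32)?: .* - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+) \([^()]*\)$")),
    ("chrome_ext",     re.compile(r"^CHR .*?Extension: \[(?P<id>[a-p]{32})\] - (?P<path>.+?) \[")),
    ("scheduled_task", re.compile(r"^Task: (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<task>.+?) => (?P<path>.+?) \[")),
    ("new_fs_entry",   re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .* \(\) (?P<path>.+)$")),
]

# Publisher string FRST prints in parentheses at the end of a line.
VENDOR_RE = re.compile(r"\(([^()]*)\)(?: <==== ATTENTION)?$")


def vendor_of(line):
    """Publisher of the item: '' when FRST printed an empty '()' (no
    recognised publisher), None when the line has no publisher field."""
    m = VENDOR_RE.search(line.rstrip())
    return m.group(1) if m else None


def parse_line(line):
    """Classify one line; returns (category, details) or None for a blank."""
    line = line.strip()
    if not line:
        return None
    for category, rx in RULES:
        m = rx.search(line)
        if m:
            details = m.groupdict()
            break
    else:
        category, details = "unclassified", {"raw": line}
    details["vendor"] = vendor_of(line)
    details["flagged"] = "<==== ATTENTION" in line  # FRST's own marker
    return category, details


def triage(text):
    """Group every line of an FRST excerpt by persistence mechanism."""
    groups = defaultdict(list)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            groups[parsed[0]].append(parsed[1])
    return dict(groups)


def vendors(groups):
    """Distinct publisher strings: a bundle shows up as many entries from
    the same handful of unfamiliar vendors."""
    return sorted({d["vendor"] for ds in groups.values() for d in ds if d["vendor"]})


def unsigned_or_flagged(groups):
    """Paths FRST marked ATTENTION or that carry an empty publisher field."""
    return [d["path"] for ds in groups.values() for d in ds
            if "path" in d and (d["flagged"] or d["vendor"] == "")]


if __name__ == "__main__":
    groups = triage(SAMPLE)
    for category, entries in groups.items():
        print(f"{category}: {len(entries)}")
        for entry in entries:
            print("   ", entry.get("path") or entry.get("url") or entry.get("name") or "(empty)")
    print("vendors:", vendors(groups))
    print("needs a closer look:", unsigned_or_flagged(groups))
```

Running it on the sample prints one group per mechanism, the five publisher strings behind the bundle, and the single item FRST itself flagged (the Oxy updater task, whose executable has an empty publisher field). Lines the rules do not recognise land in an `unclassified` group rather than being dropped, so nothing in a real log is silently lost.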
01.04.2014, 19:19 | #11 |
| Werbevirus Oxy So, here are the next files Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by KomaKuh at 2014-04-01 17:59:47 Run:1
Running from C:\Users\KomaKuh\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [425008 2014-03-31] (337 Technology Limited.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [515584 2014-03-17] (Cherished Technololgy LIMITED)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-31] (Cherished Technololgy LIMITED)
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\deskSvc.exe
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [1017904 2014-03-31] (337 Technology Limited.)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [96768 2014-03-05] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586&q={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-31]
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\SupTab
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Desk 365
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\WPM
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-31 19:19 - 2014-03-31 19:19 - 00000000 ____D () C:\Program Files (x86)\Desk 365
2014-03-31 19:16 - 2014-03-31 19:16 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
2014-03-31 19:15 - 2014-03-31 19:16 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Oxy
2014-03-30 20:38 - 2014-03-30 20:54 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\qone8
2014-03-30 20:36 - 2014-03-30 20:36 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy
2014-03-30 20:36 - 2014-03-30 20:36 - 00003576 _____ () C:\Windows\System32\Tasks\PileFile reminder
2014-03-30 20:36 - 2014-03-30 20:36 - 00003174 _____ () C:\Windows\System32\Tasks\PileFile logon
Task: {BF8C3626-AE7C-4F2A-8F1A-C5BD3C02D153} - System32\Tasks\Oxy => C:\Users\KomaKuh\AppData\Roaming\Oxy\Updater.exe [2014-03-30] () <==== ATTENTION
*****************

desksvc => Service stopped successfully.
desksvc => Service deleted successfully.
IePluginService => Service stopped successfully.
IePluginService => Service deleted successfully.
Wpm => Service stopped successfully.
Wpm => Service deleted successfully.
C:\ProgramData\WPM\wprotectmanager.exe => No running process found
C:\ProgramData\IePluginService\PluginService.exe => No running process found
C:\Program Files (x86)\Desk 365\deskSvc.exe => No running process found
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => Value deleted successfully.
HKU\S-1-5-21-268757211-819875313-238986870-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Desk 365 => Value deleted successfully.
HKU\S-1-5-21-268757211-819875313-238986870-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => Value deleted successfully.
"C:\\PROGRA~2\\SupTab\\SEARCH~2.DLL" => Value Data removed successfully.
"C:\\PROGRA~2\\SupTab\\SEARCH~1.DLL" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma => Key deleted successfully.
C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx => Moved successfully.
C:\Users\KomaKuh\AppData\Roaming\SupTab => Moved successfully.
C:\Users\KomaKuh\AppData\Roaming\Desk 365 => Moved successfully.
C:\ProgramData\WPM => Moved successfully.
C:\ProgramData\IePluginService => Moved successfully.
C:\Program Files (x86)\SupTab => Moved successfully.
C:\Program Files (x86)\Desk 365 => Moved successfully.
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy => Moved successfully.
C:\Users\KomaKuh\AppData\Roaming\Oxy => Moved successfully.
C:\Users\KomaKuh\AppData\Roaming\qone8 => Moved successfully.
C:\Windows\System32\Tasks\Oxy => Moved successfully.
C:\Windows\System32\Tasks\PileFile reminder => Moved successfully.
C:\Windows\System32\Tasks\PileFile logon => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF8C3626-AE7C-4F2A-8F1A-C5BD3C02D153} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF8C3626-AE7C-4F2A-8F1A-C5BD3C02D153} => Key deleted successfully.
C:\Windows\System32\Tasks\Oxy not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy => Key deleted successfully.

==== End of Fixlog ====
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.04.2014
Suchlauf-Zeit: 18:32:24
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.04.01.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: KomaKuh

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 270664
Verstrichene Zeit: 16 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 1
Trojan.Clicker, C:\Users\KomaKuh\AppData\Local\GCC\Controller.exe, 4408, Löschen bei Neustart, [52aec63a39c751af7bec0a9fe61d13ed]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [738de91729d7bb4507165fab19e99a66],
PUP.Optional.Qone8.A, HKLM\SOFTWARE\WOW6432NODE\qone8Software, In Quarantäne, [3fc1cf319769cb35a8ef3b4ffd06db25],
PUP.Optional.Desk365.A, HKLM\SOFTWARE\WOW6432NODE\V9\Desk 365, In Quarantäne, [d828c33dde22718f17c0006c2dd5a55b],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 18
PUP.Optional.Desk365.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365, In Quarantäne, [728ed7290df34db3a8e988f8b44ffb05],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\Install, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\en_us, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\es_es, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\pt_br, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\tr_tr, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\zh_cn, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\zh_tw, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\layout, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\layout\default, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\style, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef, In Quarantäne, [36ca2ad649b7a15fba2360f11fe3b34d],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123, In Quarantäne, [36ca2ad649b7a15fba2360f11fe3b34d],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales, In Quarantäne, [36ca2ad649b7a15fba2360f11fe3b34d],

Dateien: 65
Trojan.Clicker, C:\Users\KomaKuh\AppData\Local\GCC\Controller.exe, Löschen bei Neustart, [52aec63a39c751af7bec0a9fe61d13ed],
Trojan.Clicker, C:\Users\KomaKuh\AppData\Local\Temp\GCSetup_mk.exe, In Quarantäne, [fb05e41c29d7659b56111f8a22e1dd23],
PUP.Optional.Amonetize.A, C:\Users\KomaKuh\AppData\Local\Temp\OxyBrowserUpdater__3338_i491892894_il6465765.exe, In Quarantäne, [38c8837dbd43c040065480bc18e816ea],
PUP.Optional.Amonetize.A, C:\Users\KomaKuh\AppData\Local\Temp\setup.exe, In Quarantäne, [db2519e7718f0af65703bd7f0bf510f0],
PUP.Optional.SkyTech.A, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396269694\alilog.dll, In Quarantäne, [55ab34cca25e718f2be864cec9375ea2],
PUP.Optional.SkyTech.A, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396269694\package1.zip, In Quarantäne, [817f43bd7e8251af987b43ef5da3dd23],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396269694\tmp\desk365.exe, In Quarantäne, [5ea26d934fb16f91b8e751bbed1434cc],
PUP.Optional.SupTab.A, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396269694\tmp\SupTab.exe, In Quarantäne, [38c84bb532ce58a881caed48e41c827e],
PUP.Optional.WpManager, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396269694\tmp\wpm.exe, In Quarantäne, [3fc1be42da26af51840695c3e9180cf4],
PUP.Optional.SkyTech.A, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396286173\alilog.dll, In Quarantäne, [e41c29d7f40c4fb1d43fa092c43c17e9],
PUP.Optional.SkyTech.A, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396286173\package1.zip, In Quarantäne, [21dfcb3507f9b14f31e2be7432ce2ad6],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396286173\tmp\desk365.exe, In Quarantäne, [7e829f61b74919e7d9c662aae61bd62a],
PUP.Optional.SupTab.A, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396286173\tmp\SupTab.exe, In Quarantäne, [7987a15fde2256aacc7f2e0728d8c43c],
PUP.Optional.WpManager, C:\Users\KomaKuh\AppData\Local\Temp\fullpackage_temp1396286173\tmp\wpm.exe, In Quarantäne, [32ce10f028d8827e4743f068748dff01],
PUP.Optional.SkyTech.A, C:\Users\KomaKuh\AppData\Local\Temp\tmp70FD\mp3_qone8.exe, In Quarantäne, [8d7327d9f40c06fa9e9ae965a65b19e7],
PUP.Optional.SkyTech.A, C:\Users\KomaKuh\AppData\Local\Temp\tmp896D\mp3_qone8.exe, In Quarantäne, [44bc2ad6fb057789063275d955ac05fb],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\eInstall.exe, In Quarantäne, [5ea2ff0123dd5da308975daf28d96e92],
PUP.Optional.Desk365.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365\eUninstall.lnk, In Quarantäne, [728ed7290df34db3a8e988f8b44ffb05],
PUP.Optional.Desk365.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365\Desk 365.lnk, In Quarantäne, [728ed7290df34db3a8e988f8b44ffb05],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk, In Quarantäne, [8080ac542dd3fe02bb446026a95aff01],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\main, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\msvcp100.dll, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\msvcr100.dll, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\segoeui.ttf, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\segoeuib.ttf, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\app_icon.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\change_skin.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\combo_skin.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\edit_skin.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\install_back.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\install_button_skin.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\install_check_checked.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\install_check_intermediate.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\install_check_uncheck.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\install_logo.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\install_resource.xml, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\patch_file_icon.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\pic-error.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\pic-info.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\pic-question.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\pic-warning.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\popup_dialog_bk.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\progressbar_bk.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\progressbar_image.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\radio_normal.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\radio_selected.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\image\default\sys_close.png, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\Install\4zip.inst, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\Install\AirZip.inst, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\Install\edesk.inst, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\Install\gamelogin.inst, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\protocol.txt, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\en_us\install_lang.ini, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\es_es\install_lang.ini, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\pt_br\install_lang.ini, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\language\tr_tr\install_lang.ini, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\layout\default\eDeskInstall.xml, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\layout\default\gamelogin.xml, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\layout\default\install_msgbox.xml, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\layout\default\languageSelect.xml, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\layout\default\uninstgl.xml, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.Desk365.A, C:\Users\KomaKuh\AppData\Local\Temp\Desk365\eInstall\style\install_style.xml, In Quarantäne, [e41c808005fb13ed815988c904fee818],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll, In Quarantäne, [36ca2ad649b7a15fba2360f11fe3b34d],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll, In Quarantäne, [36ca2ad649b7a15fba2360f11fe3b34d],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak, In Quarantäne, [36ca2ad649b7a15fba2360f11fe3b34d],

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=61e6d2c0060cb74c9137d571bd660410
# engine=17709
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-01 06:07:21
# local_time=2014-04-01 08:07:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 11943964 148005491 0 0
# scanned=253981
# found=0
# cleaned=0
# scan_time=4879

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by KomaKuh (administrator) on KOMAKUH-PC on 01-04-2014 20:16:05
Running from C:\Users\KomaKuh\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [CloneCDTray] - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-268757211-819875313-238986870-1001\...\MountPoints2: {0b1400c0-4adb-11e3-9f77-806e6f6e6963} - D:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFA610428EBDECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - DefaultScope {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/de
CHR Extension: (Google Docs) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11]
CHR Extension: (Google Drive) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11]
CHR Extension: (YouTube) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Adblock Plus) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-11]
CHR Extension: (Google-Suche) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (Google Mail) - C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11]
CHR StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-02-16] (Overwolf LTD)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-01] (Malwarebytes Corporation)
R3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1703; C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Saitek)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] U4 SR; S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-01 18:38 - 2014-04-01 18:38 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-01 18:37 - 2014-04-01 18:37 - 02347384 _____ (ESET) C:\Users\KomaKuh\Downloads\esetsmartinstaller_enu.exe 2014-04-01 18:35 - 2014-04-01 18:35 - 00014255 _____ () C:\Users\KomaKuh\Desktop\MBAM.txt 2014-04-01 18:33 - 2014-04-01 18:33 - 00023712 _____ () C:\Windows\PFRO.log 2014-04-01 18:14 - 2014-04-01 18:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-01 18:14 - 2014-04-01 18:34 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-01 18:14 - 2014-04-01 18:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-01 18:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-01 18:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-01 18:10 - 2014-04-01 18:13 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KomaKuh\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-31 20:37 - 2014-04-01 18:33 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\GCC 2014-03-31 20:37 - 2014-03-31 20:37 - 00004534 _____ () C:\Windows\System32\Tasks\GC_Scheduler 2014-03-31 19:55 - 2014-04-01 20:16 - 00009786 _____ () C:\Users\KomaKuh\Desktop\FRST.txt 2014-03-31 19:30 - 2014-03-31 19:30 - 00018048 _____ () C:\Users\KomaKuh\Downloads\Benotungsschema Praktikumsmappe 9.odt 2014-03-31 19:16 - 2014-03-31 19:53 - 07376130 _____ () C:\Users\KomaKuh\Desktop\SystemLook.txt 2014-03-31 19:15 - 2014-03-31 19:15 - 00165376 _____ () C:\Users\KomaKuh\Desktop\SystemLook_x64.exe 2014-03-31 19:11 - 2014-03-31 19:14 - 00000000 ____D () 
C:\AdwCleaner 2014-03-31 19:09 - 2014-03-31 19:12 - 00000475 _____ () C:\Users\KomaKuh\Desktop\Neues Textdokument (4).txt 2014-03-31 19:09 - 2014-03-31 19:09 - 01950720 _____ () C:\Users\KomaKuh\Desktop\adwcleaner.exe 2014-03-31 15:48 - 2014-03-31 15:48 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appadaumen.de 2014-03-31 15:47 - 2014-03-31 15:48 - 00000000 ____D () C:\Users\KomaKuh\Downloads\mausi 3 2014-03-31 15:47 - 2014-03-31 15:47 - 00270615 _____ () C:\Users\KomaKuh\Downloads\Mausi3.zip 2014-03-31 15:27 - 2014-03-31 15:28 - 00000000 ____D () C:\Users\KomaKuh\Desktop\saves FRST 2014-03-31 14:40 - 2014-04-01 18:33 - 00000336 _____ () C:\Windows\setupact.log 2014-03-31 14:40 - 2014-03-31 14:40 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-30 21:59 - 2014-04-01 20:16 - 00000000 ____D () C:\FRST 2014-03-30 21:58 - 2014-03-30 21:58 - 02157056 _____ (Farbar) C:\Users\KomaKuh\Desktop\FRST64.exe 2014-03-30 12:45 - 2014-03-30 12:45 - 03331554 _____ () C:\Users\Receful\Downloads\15657-svu-gtasa.zip 2014-03-30 12:43 - 2014-03-30 12:43 - 02450164 _____ () C:\Users\Receful\Downloads\15428-ump-45-v-2.0-gtasa.zip 2014-03-30 12:42 - 2014-03-30 12:43 - 02084593 _____ () C:\Users\Receful\Downloads\120744-m1-garand-gtasa.zip 2014-03-30 12:41 - 2014-03-30 12:41 - 03200937 _____ () C:\Users\Receful\Downloads\120535-avtorifle-acw-r-gtasa.zip 2014-03-30 12:34 - 2014-03-30 12:34 - 03282233 _____ () C:\Users\Receful\Downloads\89977-desert-eagle-hd-gtasa.zip 2014-03-30 12:24 - 2014-03-30 12:24 - 00000000 ____D () C:\Users\Receful\Desktop\Alcis IMG Editor 2014-03-30 12:21 - 2014-03-30 12:21 - 02784984 _____ () C:\Users\Receful\Downloads\Alcis IMG Editor.rar 2014-03-30 11:45 - 2014-03-30 11:52 - 00000301 _____ () C:\Users\Receful\Desktop\Neues Textdokument.txt 2014-03-29 04:23 - 2014-03-29 04:23 - 00000807 _____ () C:\Users\Receful\Downloads\listen.asx 2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () 
C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft 2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-03-24 22:00 - 2014-03-24 22:03 - 32734976 _____ (DVDVideoSoft Ltd. ) C:\Users\KomaKuh\Downloads\FreeYouTubeDownload.exe 2014-03-23 17:50 - 2014-03-23 17:50 - 01469184 _____ () C:\Users\KomaKuh\Downloads\LOLReplay-0.8.7.exe 2014-03-21 22:23 - 2014-03-21 22:23 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403212123060303.log 2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\ProgramData\ATI 2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-03-21 22:21 - 2014-03-21 22:21 - 00000000 ____D () C:\Program Files\AMD 2014-03-21 21:01 - 2014-03-21 21:22 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\KomaKuh\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe 2014-03-18 21:56 - 2014-03-18 21:56 - 00000013 _____ () C:\Users\KomaKuh\Desktop\geil.txt 2014-03-18 16:34 - 2014-03-18 16:34 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-03-18 16:30 - 2014-03-18 16:30 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-03-17 22:58 - 2014-03-17 23:05 - 00000000 ____D () C:\Users\KomaKuh\Desktop\töhöhö 2014-03-17 19:12 - 2014-03-17 19:12 - 00000610 _____ () C:\Users\KomaKuh\Desktop\Süß Sauer Mecces (1).txt 2014-03-17 12:04 - 2014-03-17 12:05 - 00000019 _____ () C:\Users\KomaKuh\Desktop\Ymrionn.txt 2014-03-16 19:17 - 2014-03-16 22:11 - 00035067 _____ () C:\Gothic.RPT 2014-03-16 16:37 - 2014-03-16 17:00 - 00000743 _____ () C:\Users\KomaKuh\Desktop\Ymironn.lnk 2014-03-16 16:37 - 2014-03-16 16:37 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer 2014-03-10 21:49 - 2014-04-01 19:46 - 00000000 ____D () C:\Users\KomaKuh\Desktop\Betriebspraktikum 2014-03-08 23:07 - 2014-03-09 01:28 - 00000000 ____D () C:\Program Files (x86)\Cube World 2014-03-08 23:07 - 2014-03-08 23:07 - 00000000 ____D () C:\ProgramData\Picroma 
2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\Documents\SavedGames 2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Rogue Legacy 2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Skype 2014-03-05 11:23 - 2014-03-05 11:46 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Bluestacks 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Program Files (x86)\BlueStacks ==================== One Month Modified Files and Folders ======= 2014-04-01 20:16 - 2014-03-31 19:55 - 00009786 _____ () C:\Users\KomaKuh\Desktop\FRST.txt 2014-04-01 20:16 - 2014-03-30 21:59 - 00000000 ____D () C:\FRST 2014-04-01 20:06 - 2013-11-11 16:40 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-01 19:46 - 2014-03-10 21:49 - 00000000 ____D () C:\Users\KomaKuh\Desktop\Betriebspraktikum 2014-04-01 18:40 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-01 18:40 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-01 18:38 - 2014-04-01 18:38 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-01 18:38 - 2010-11-21 08:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-04-01 18:38 - 2010-11-21 08:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-04-01 18:38 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-01 18:37 - 2014-04-01 18:37 - 02347384 _____ (ESET) C:\Users\KomaKuh\Downloads\esetsmartinstaller_enu.exe 2014-04-01 18:36 - 2013-11-11 16:16 - 01541940 _____ () 
C:\Windows\WindowsUpdate.log 2014-04-01 18:35 - 2014-04-01 18:35 - 00014255 _____ () C:\Users\KomaKuh\Desktop\MBAM.txt 2014-04-01 18:34 - 2014-04-01 18:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-01 18:34 - 2014-04-01 18:14 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-01 18:33 - 2014-04-01 18:33 - 00023712 _____ () C:\Windows\PFRO.log 2014-04-01 18:33 - 2014-03-31 20:37 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\GCC 2014-04-01 18:33 - 2014-03-31 14:40 - 00000336 _____ () C:\Windows\setupact.log 2014-04-01 18:33 - 2013-11-11 16:40 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-01 18:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-01 18:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-04-01 18:27 - 2013-11-11 19:33 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Skype 2014-04-01 18:14 - 2014-04-01 18:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-01 18:14 - 2013-11-11 17:25 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Malwarebytes 2014-04-01 18:14 - 2013-11-11 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-01 18:13 - 2014-04-01 18:10 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KomaKuh\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-31 20:37 - 2014-03-31 20:37 - 00004534 _____ () C:\Windows\System32\Tasks\GC_Scheduler 2014-03-31 19:53 - 2014-03-31 19:16 - 07376130 _____ () C:\Users\KomaKuh\Desktop\SystemLook.txt 2014-03-31 19:44 - 2013-11-27 19:46 - 00000000 ____D () C:\Users\KomaKuh\Desktop\Bewerbung 2014-03-31 19:30 - 2014-03-31 19:30 - 00018048 _____ () C:\Users\KomaKuh\Downloads\Benotungsschema Praktikumsmappe 9.odt 2014-03-31 19:19 - 2011-06-11 02:58 - 00773680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2014-03-31 19:19 - 2011-06-11 02:58 - 00420912 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msvcp100.dll 2014-03-31 19:16 - 2013-11-11 16:19 - 00001201 _____ () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-31 19:15 - 2014-03-31 19:15 - 00165376 _____ () C:\Users\KomaKuh\Desktop\SystemLook_x64.exe 2014-03-31 19:14 - 2014-03-31 19:11 - 00000000 ____D () C:\AdwCleaner 2014-03-31 19:12 - 2014-03-31 19:09 - 00000475 _____ () C:\Users\KomaKuh\Desktop\Neues Textdokument (4).txt 2014-03-31 19:09 - 2014-03-31 19:09 - 01950720 _____ () C:\Users\KomaKuh\Desktop\adwcleaner.exe 2014-03-31 15:48 - 2014-03-31 15:48 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appadaumen.de 2014-03-31 15:48 - 2014-03-31 15:47 - 00000000 ____D () C:\Users\KomaKuh\Downloads\mausi 3 2014-03-31 15:48 - 2013-11-17 17:32 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Deployment 2014-03-31 15:47 - 2014-03-31 15:47 - 00270615 _____ () C:\Users\KomaKuh\Downloads\Mausi3.zip 2014-03-31 15:28 - 2014-03-31 15:27 - 00000000 ____D () C:\Users\KomaKuh\Desktop\saves FRST 2014-03-31 15:23 - 2013-11-11 22:16 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-31 15:01 - 2013-11-11 16:40 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-31 15:01 - 2013-11-11 16:40 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-31 14:50 - 2013-12-08 21:17 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Battle.net 2014-03-31 14:40 - 2014-03-31 14:40 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-30 21:58 - 2014-03-30 21:58 - 02157056 _____ (Farbar) C:\Users\KomaKuh\Desktop\FRST64.exe 2014-03-30 21:10 - 2014-01-16 19:46 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Media Player Classic 2014-03-30 17:47 - 2013-11-11 21:07 - 00000000 ____D () C:\Users\Receful\AppData\Roaming\TS3Client 2014-03-30 12:45 - 2014-03-30 12:45 - 03331554 _____ () C:\Users\Receful\Downloads\15657-svu-gtasa.zip 2014-03-30 12:43 - 2014-03-30 12:43 
- 02450164 _____ () C:\Users\Receful\Downloads\15428-ump-45-v-2.0-gtasa.zip 2014-03-30 12:43 - 2014-03-30 12:42 - 02084593 _____ () C:\Users\Receful\Downloads\120744-m1-garand-gtasa.zip 2014-03-30 12:41 - 2014-03-30 12:41 - 03200937 _____ () C:\Users\Receful\Downloads\120535-avtorifle-acw-r-gtasa.zip 2014-03-30 12:34 - 2014-03-30 12:34 - 03282233 _____ () C:\Users\Receful\Downloads\89977-desert-eagle-hd-gtasa.zip 2014-03-30 12:24 - 2014-03-30 12:24 - 00000000 ____D () C:\Users\Receful\Desktop\Alcis IMG Editor 2014-03-30 12:21 - 2014-03-30 12:21 - 02784984 _____ () C:\Users\Receful\Downloads\Alcis IMG Editor.rar 2014-03-30 11:52 - 2014-03-30 11:45 - 00000301 _____ () C:\Users\Receful\Desktop\Neues Textdokument.txt 2014-03-30 08:54 - 2013-11-12 22:13 - 00000000 ____D () C:\Users\Receful\AppData\Roaming\Spotify 2014-03-30 08:40 - 2013-11-24 15:16 - 00000000 ____D () C:\Users\Receful\AppData\Local\Overwolf 2014-03-30 03:37 - 2013-11-11 19:09 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\TS3Client 2014-03-29 23:42 - 2014-01-06 22:30 - 00000000 ____D () C:\Program Files (x86)\osu! 2014-03-29 08:00 - 2013-11-12 22:16 - 00000000 ____D () C:\Users\Receful\AppData\Local\Spotify 2014-03-29 04:23 - 2014-03-29 04:23 - 00000807 _____ () C:\Users\Receful\Downloads\listen.asx 2014-03-25 17:21 - 2013-11-11 18:45 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft 2014-03-24 22:06 - 2014-03-24 22:06 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-03-24 22:03 - 2014-03-24 22:00 - 32734976 _____ (DVDVideoSoft Ltd. 
) C:\Users\KomaKuh\Downloads\FreeYouTubeDownload.exe 2014-03-23 17:51 - 2014-02-21 21:27 - 00000000 ____D () C:\Program Files (x86)\LOLReplay 2014-03-23 17:50 - 2014-03-23 17:50 - 01469184 _____ () C:\Users\KomaKuh\Downloads\LOLReplay-0.8.7.exe 2014-03-23 16:30 - 2013-11-30 01:31 - 00000000 ____D () C:\Users\Receful\AppData\Local\PMB Files 2014-03-23 16:30 - 2013-11-30 01:31 - 00000000 ____D () C:\ProgramData\PMB Files 2014-03-23 08:42 - 2013-11-24 15:23 - 00000000 ____D () C:\Program Files (x86)\Overwolf 2014-03-21 22:23 - 2014-03-21 22:23 - 00060993 _____ () C:\Windows\SysWOW64\CCCInstall_201403212123060303.log 2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\ProgramData\ATI 2014-03-21 22:23 - 2014-03-21 22:23 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-03-21 22:23 - 2013-11-11 17:16 - 00000000 ____D () C:\ProgramData\AMD 2014-03-21 22:22 - 2013-11-11 16:31 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-03-21 22:21 - 2014-03-21 22:21 - 00000000 ____D () C:\Program Files\AMD 2014-03-21 22:18 - 2013-11-11 16:26 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-21 22:15 - 2013-12-08 21:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-21 21:22 - 2014-03-21 21:01 - 212753896 _____ (Advanced Micro Devices, Inc.) 
C:\Users\KomaKuh\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe 2014-03-18 21:56 - 2014-03-18 21:56 - 00000013 _____ () C:\Users\KomaKuh\Desktop\geil.txt 2014-03-18 17:21 - 2013-11-11 17:20 - 00000000 ____D () C:\Users\KomaKuh\Desktop\hintergrund 2014-03-18 17:19 - 2014-02-12 10:51 - 00000000 ____D () C:\Users\KomaKuh\Documents\SelfMV 2014-03-18 16:34 - 2014-03-18 16:34 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-03-18 16:30 - 2014-03-18 16:30 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-03-17 23:05 - 2014-03-17 22:58 - 00000000 ____D () C:\Users\KomaKuh\Desktop\töhöhö 2014-03-17 22:26 - 2013-12-08 21:21 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-17 19:12 - 2014-03-17 19:12 - 00000610 _____ () C:\Users\KomaKuh\Desktop\Süß Sauer Mecces (1).txt 2014-03-17 12:05 - 2014-03-17 12:04 - 00000019 _____ () C:\Users\KomaKuh\Desktop\Ymrionn.txt 2014-03-17 11:30 - 2014-01-01 18:54 - 00000000 ____D () C:\Gothic II 2014-03-16 22:11 - 2014-03-16 19:17 - 00035067 _____ () C:\Gothic.RPT 2014-03-16 17:00 - 2014-03-16 16:37 - 00000743 _____ () C:\Users\KomaKuh\Desktop\Ymironn.lnk 2014-03-16 16:56 - 2014-01-01 18:54 - 00000000 ____D () C:\Program Files (x86)\JoWooD 2014-03-16 16:37 - 2014-03-16 16:37 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer 2014-03-09 01:28 - 2014-03-08 23:07 - 00000000 ____D () C:\Program Files (x86)\Cube World 2014-03-08 23:07 - 2014-03-08 23:07 - 00000000 ____D () C:\ProgramData\Picroma 2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\Documents\SavedGames 2014-03-08 00:45 - 2014-03-08 00:45 - 00000000 ____D () C:\Users\KomaKuh\AppData\Roaming\Rogue Legacy 2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-06 12:34 - 2014-03-06 12:34 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Skype 2014-03-06 12:34 - 2013-11-11 19:33 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 12:26 - 
2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-03-05 11:46 - 2014-03-05 11:23 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-05 11:24 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Users\KomaKuh\AppData\Local\Bluestacks 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-05 11:23 - 2014-03-05 11:23 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-03-05 09:26 - 2014-04-01 18:14 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-04-01 18:14 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2013-11-11 17:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP: ==================== C:\Users\KomaKuh\AppData\Local\Temp\57638uninstall.exe C:\Users\KomaKuh\AppData\Local\Temp\93696uninstall.exe C:\Users\KomaKuh\AppData\Local\Temp\htmlayout.dll C:\Users\KomaKuh\AppData\Local\Temp\Quarantine.exe C:\Users\KomaKuh\AppData\Local\Temp\Sqlite3.dll C:\Users\KomaKuh\AppData\Local\Temp\tmp3534.exe C:\Users\KomaKuh\AppData\Local\Temp\tmp5300.tmp.exe C:\Users\KomaKuh\AppData\Local\Temp\tmp5552.exe C:\Users\KomaKuh\AppData\Local\Temp\tmp6A48.exe C:\Users\KomaKuh\AppData\Local\Temp\tmp6DE1.exe C:\Users\KomaKuh\AppData\Local\Temp\tmpD877.exe C:\Users\KomaKuh\AppData\Local\Temp\tmpD8B1.exe C:\Users\Receful\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Receful\AppData\Local\Temp\WTFastSetupOW.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2010-11-21 05:24] - [2011-03-09 18:01] - 2872320 ____A (Microsoft Corporation) 9FF4D976D1696F114A5738842C1C45FF C:\Windows\SysWOW64\explorer.exe => 
MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 20:15 ==================== End Of Log ============================ |
01.04.2014, 21:53 | #12 |
/// Malwareteam | Werbevirus Oxy OK, if you have no further problems now, we are done. Step 1 Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
Updates Internet Explorer 11
Java Version 7 Update 51 Your Java is no longer current. Older versions contain security holes that can be abused by malware.
Adobe Reader Version XI (11.0.06)
Adobe Flash Player Version 12.0.0.77
Cleanup If you no longer want to keep Malwarebytes Anti-Malware and the ESET Online Scanner, you can uninstall them via the Control Panel. I recommend keeping at least one program (more on this in the tips). Windows XP: Start --> Control Panel --> select Category View (if not already set) --> Add or Remove Programs. The order matters here.
In your logfiles I currently see no more malicious entries; in my eyes you are clean. For the future I have written down some tips for you so that you will not need us again any time soon. Tips - Frequently Asked Questions (FAQ) Which antivirus scanner is the best?
But I always have to install updates, right?
OK, is there anything I need to watch out for when surfing the Internet?
Which programs should I not use?
Are there any further tips to protect myself?
If you would like to support the work of the Trojaner-Board, you are welcome to donate. I wish you a pleasant and malware-free time.
__________________ Regards, Jonas |
02.04.2014, 12:43 | #13 |
| Werbevirus Oxy Thank you for everything, Jonas; my PC can finally start without Oxy bothering me right away. I have one more question: when I start my PC again and open Google Chrome, the Oxy start page called qone8 is still open, which is why I have to change my browser's start page at every PC start. Can you give me any advice on that? Also, qone8 is no longer set as the start page, but it still appears after every start. Edited by Vime (02.04.2014 at 13:20) |
02.04.2014, 18:14 | #14 |
/// Malwareteam | Werbevirus Oxy Quote:
Step 1 Please download Shortcut Cleaner (by Grinler) to your desktop.
Does the problem still exist?
__________________ Regards, Jonas |
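The Shortcut Cleaner step above targets a persistence trick that explains the symptom in post #13: adware often leaves the browser's configured home page untouched and instead appends its URL to the Arguments field of the browser's .lnk shortcuts, so the page opens on every launch from that shortcut. The following PowerShell script is an added example for checking this by hand; it is not from the original thread and not part of Shortcut Cleaner. It assumes a Windows host with the WScript.Shell COM object available, scans the same folders Shortcut Cleaner lists in its log, and only reports unless `$Fix` is set to `$true`:

```powershell
# Added example, not code from the thread or from Shortcut Cleaner.
# Reports browser shortcuts whose Arguments contain a URL; with $Fix = $true
# it clears the injected arguments. Run as the affected user.
$Fix = $false

# Browser executables whose shortcuts are worth checking (assumed list).
$browsers = @('chrome.exe', 'iexplore.exe', 'firefox.exe', 'opera.exe', 'msedge.exe')

# Shortcut locations; the first five match the folders in the Shortcut Cleaner log.
$paths = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:PUBLIC\Desktop",
    [Environment]::GetFolderPath('Desktop'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
) | Where-Object { Test-Path $_ }

$shell = New-Object -ComObject WScript.Shell
$findings = @()

foreach ($dir in $paths) {
    Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $target = [IO.Path]::GetFileName($lnk.TargetPath).ToLower()
        # A clean browser shortcut normally carries no URL in its arguments.
        if ($browsers -contains $target -and $lnk.Arguments -match '(?i)(https?://|www\.)\S+') {
            $findings += [PSCustomObject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
            }
            if ($Fix) {
                # Remediation: drop the injected arguments and rewrite the .lnk.
                $lnk.Arguments = ''
                $lnk.Save()
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'No browser shortcuts with an injected URL found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Because the check looks at the shortcut rather than the browser settings, it also covers the Internet Explorer case reported in post #15, where the home page setting shows www.google.com but the hijacked page still opens; pinned taskbar shortcuts are included because they are launched most often and are easy to overlook.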
02.04.2014, 18:34 | #15 |
| Werbevirus Oxy So, in IE it is the start page as well, although www.google.com is specified as the start page. Code:
Shortcut Cleaner 1.3.1 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 7 Ultimate Service Pack 1
Program started at: 04/02/2014 07:29:14 PM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\KomaKuh\Desktop
0 bad shortcuts found.
Program finished at: 04/02/2014 07:29:17 PM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
Nothing happens on the page apart from "advertising", and honestly I did not want to try clicking on anything there; I always opened a new tab right away. |