Plagegeister aller Art und deren Bekämpfung: Poor internet connection, slow computer and PC freezing (Windows 7)
14.04.2014, 10:35 | #1 |
Hello dear community,

I suspect that my PC is heavily infected with viruses. For several weeks now the internet connection has been suffering badly, when I open the browser I am redirected to very strange pages, the PC sometimes simply freezes, and the computer is generally quite slow. So my question: can any of you help me delete these viruses so that the computer works better again? Thanks in advance!

P.S. I use Windows 7.

Kind regards,
Bekir

One more thing to add: I have been here in the forum once before and shared my problem with this forum. I received intensive help with the matter and all viruses (at least the symptoms) were cleaned up. I wanted to say thank you again for that.
14.04.2014, 11:13 | #2 |
Rest in peace † 2019 | My name is Sandra and I will be helping you with your problem.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the quicker and, in the case of a malware infection, always the safest way. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with me until someone from the team tells you that you are clean.

Posting in code tags: Please always put the logs in code tags. If you don't, it makes evaluating them much harder for me. Thank you. To do this:

Step 1: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
14.04.2014, 11:34 | #3 | |
Addition.txt
Quote:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01 Ran by Botan (administrator) on XEBAT-PC on 14-04-2014 12:30:14 Running from C:\Users\Botan\Downloads Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\ProgramData\Premium\MagniPic\MagniPic.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe () C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe () C:\Program Files (x86)\PlurPush\updatePlurPush.exe () C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe (Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Akamai Technologies, Inc.) C:\Users\Bekir&Botan\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Akamai Technologies, Inc.) C:\Users\Bekir&Botan\AppData\Local\Akamai\netsession_win.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (AMD) C:\Windows\system32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (BugSplat, LLC) C:\Users\Bekir&Botan\Desktop\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.2.36\deploy\BsSndRpt.exe (BugSplat, LLC) C:\Users\Bekir&Botan\Desktop\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.2.36\deploy\BsSndRpt.exe ( ) C:\Users\BEKIR&~1\AppData\Local\Temp\nsh8CB7.tmp (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe () C:\Program Files (x86)\PlurPush\bin\FilterApp_C64.exe () C:\Program Files (x86)\PlurPush\bin\PlurPush.BrowserAdapter.exe (Smartbar) C:\Users\Botan\AppData\Local\Smartbar\Application\Smartbar.exe () C:\Users\Botan\AppData\Local\Smartbar\Application\Lrcnta.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X] HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation) HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-06-29] (Siber Systems) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [Browser Infrastructure Helper] => C:\Users\Bekir&Botan\AppData\Local\Smartbar\Application\Smartbar.exe [20760 2013-11-21] (Smartbar) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [Spotify] => C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe [6087224 2014-04-11] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [Akamai NetSession Interface] => 
C:\Users\Bekir&Botan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [DT Emphelungstool] => "C:\Users\Bekir&Botan\AppData\Local\Deutsche Telekom\Empfehlungstool\DTEmpfehlungstool.exe" 1 HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\MountPoints2: {db1faac1-9594-11e2-9446-806e6f6e6963} - D:\Start.exe AppInit_DLLs: C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL => C:\ProgramData\Browser Stabilizer\BrowserStabilizer_x64.dll [4204032 2013-12-27] () AppInit_DLLs-x32: c:\progra~3\browse~1\browse~1.dll => C:\ProgramData\Browser Stabilizer\BrowserStabilizer.dll [4242432 2013-12-27] () Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDY,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Start 
Page Redirect Cache = hxxp://cn.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCE002826F4BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDY,&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start 
Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms} SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDY,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDY,&q={searchTerms} SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms} BHO: Feven 2.5 - {11111111-1111-1111-1111-110411901108} - C:\Program Files (x86)\Feven 2.5\Feven 2.5-bho64.dll (Feven) BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Feven 2.5 - {11111111-1111-1111-1111-110411901108} - C:\Program Files (x86)\Feven 2.5\Feven 2.5-bho.dll (Feven) BHO-x32: Lyrics Monkey - {18CAEA74-C7E8-4D37-967F-1D01351BA398} - C:\Program Files (x86)\LyricsMonkey\lyricsmonkey.dll (MNDi Software) BHO-x32: MiaggnyiPPic - {226EC5EC-B16E-A1ED-2CC5-09C8C306D073} - C:\ProgramData\MiaggnyiPPic\51c7351647449.dll () BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll (PlurPush) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial) Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll (Tencent) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR HomePage: http:\/\/start.mysearchdial.com\/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultSearchKeyword: mysearchdial.com CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: 
http:\/\/start.mysearchdial.com\/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR Extension: (Google Docs) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: (Google Drive) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Google-Suche) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (MySearchDial Neuer Tab) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-14] CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15] CHR Extension: (Google Mail) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR Extension: (Feven 2.5) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbhkhbgdaamliaimlpdlhokkecoibka [2014-01-18] CHR 
HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-01-18] CHR HKLM-x32\...\Chrome\Extension: [khialnikbocfgkohdegnebhmmaifoglp] - C:\Program Files (x86)\LyricsMonkey\Chrome.crx [2013-04-21] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 2db04d42; C:\ProgramData\Browser Stabilizer\BrowserStabilizerSvc.dll [180048 2013-12-27] () R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It) U4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2466080 2014-03-30] (Conduit) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) 
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] () R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) R2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [31744 2013-02-18] () R2 Update PlurPush; C:\Program Files (x86)\PlurPush\updatePlurPush.exe [350488 2014-04-10] () R2 Util PlurPush; C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe [350488 2014-04-10] () R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-01-18] (Cherished Technololgy LIMITED) ==================== Drivers (Whitelisted) ==================== S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] () R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 TesSafe; C:\Windows\system32\TesSafe.sys [884712 2014-03-23] (TENCENT) R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-30] (StdLib) S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X] S3 EagleX64; 
\??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-14 12:30 - 2014-04-14 12:30 - 00024302 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-14 12:30 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST 2014-04-14 12:29 - 2014-04-14 12:29 - 02157568 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D2 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D1 2014-04-14 12:05 - 
2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:17 - 2014-04-14 11:17 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Systweak 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 10:30 - 2014-04-14 11:10 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-04-14 10:30 - 2014-04-14 11:10 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-04-14 10:30 - 2014-04-14 10:50 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-04-14 10:30 - 2014-04-14 10:30 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-04-14 09:11 - 2014-04-14 12:22 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-04-14 09:10 - 2014-04-14 12:10 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job 2014-04-14 09:10 - 2014-04-14 09:10 - 00003232 _____ () C:\Windows\System32\Tasks\MySearchDial 2014-04-14 09:09 - 2014-04-14 09:10 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\mysearchdial 
14.04.2014, 21:10 | #4 |
Rest in peace † 2019 | Poor internet connection, slow computer and PC freezing
Hello bekirikus, is there a particular reason why there is no antivirus program on the computer? Does a software company called Tencent mean anything to you? There is an entry from them in your program list.
Step 1 Please uninstall the following programs (if present):
Browser Stabilizer
Bundled software uninstaller
DMUninstaller
Feven 2.5
FilesFrog Update Checker
Lyrics Monkey
MagniPic
MyPC Backup
Mysearchdial
SoftwareUpdater
WPM17.8.0.3325
To do so, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove
If you have problems uninstalling any of the programs listed, use Revo Uninstaller for it.
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Run FRST once more.
|
15.04.2014, 13:46 | #5 |
| Poor internet connection, slow computer and PC freezing
Tencent doesn't ring a bell for me :O. As for the antivirus programs, all I can say is that I always pick the wrong ones and they then turn out to be viruses. I would be glad if you could recommend a program (free) to me.
AdwCleaner logfile:
Menu\Programs\Google Chrome\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Botan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKLM\SOFTWARE\5208adbe16fee43 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_actual-booster_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_actual-booster_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_skypelogview_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_skypelogview_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{226EC5EC-B16E-A1ED-2CC5-09C8C306D073} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{226EC5EC-B16E-A1ED-2CC5-09C8C306D073} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} 
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\mysearchdial.com Schlüssel Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\smartbarbackup Schlüssel Gelöscht : HKCU\Software\smartbarlog Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\TENCENT Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKCU\Software\AppDataLow\TENCENT Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\Software\Myfree Codec Schlüssel Gelöscht : HKLM\Software\nationzoomSoftware Schlüssel Gelöscht : HKLM\Software\SoftwareUpdater Schlüssel Gelöscht : HKLM\Software\SP Global Schlüssel Gelöscht : HKLM\Software\SProtector Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\TENCENT Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\Vittalia Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browser ] 
***** -\\ Internet Explorer v9.0.8112.16476 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\prefs.js ] Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5IJzD1I[...] 
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial"); Zeile gelöscht : user_pref("extensions.crossrider.bic", "143df47e901d5f1afaf10e9892e57d3e"); Zeile gelöscht : user_pref("extensions.mixidj.tlbrId", "mdelta"); Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "5921"); Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false"); Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false"); Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":1379,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...] Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false"); Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21088"); Zeile gelöscht : user_pref("extensions.wajam.supported_sites.amazon_product.priam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...] Zeile gelöscht : user_pref("extensions.wajam.supported_sites.amazon_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...] Zeile gelöscht : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...] Zeile gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...] Zeile gelöscht : user_pref("extensions.wajam.supported_sites.imdb.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['W[...] 
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...] Zeile gelöscht : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...] Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1365245657839 - onFlagInfoReceived - Server mapping version (client-side): 0.21086\n1365245657839 - onFlagInfoReceived - Same server mapping version, don't upd[...] Zeile gelöscht : user_pref("extensions.wajam.unique_id", "2BAE65D8B6B1C5AEA46FD1876421E2C2"); Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0"); Zeile gelöscht : user_pref("extensions.wajam.version", "1.26"); Zeile gelöscht : user_pref("extensions.wajam.website_version", "1.00271.0"); Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD[...] Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiH[...] [ Datei : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\kh6wqhhj.default\prefs.js ] Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false); Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false); Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5IJzD1I[...] 
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search"); Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial"); Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD[...] Zeile gelöscht : user_pref("extensions.51c735164736a.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self==window.top){var script=document.createElem[...] Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Zeile gelöscht : user_pref("extensions.crossrider.bic", "143d322eb8e7dd5d5d40dc19140f2132"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiH[...] 
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", ""); [ Datei : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\wptsnvzn.default-1367853308201\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial"); Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD[...] [ Datei : C:\Users\Bekir&Botan\AppData\Roaming\Mozilla\Firefox\Profiles\yxwdkydi.default\prefs.js ] Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false); Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false); Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5IJzD1I[...] Zeile gelöscht : user_pref("browser.search.defaultenginename", "nationzoom"); Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=hp&fr=linkury-tb&installDate=14/01/2014&ty[...] 
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Zeile gelöscht : user_pref("extensions.crossrider.bic", "143a2d2bba07b56ec54849a93dd5b919"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&fr=linkury-tb&installDate=14/01/2014&type=hp1000&p="[...] Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false"); [ Datei : C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\prefs.js ] Zeile gelöscht : user_pref("extensions.crossrider.bic", "145649c8d427189e17acc34ad9fe9147"); -\\ Google Chrome v34.0.1847.116 [ Datei : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage [ Datei : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage [ Datei : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : icon_url ************************* AdwCleaner[R0].txt - [37437 octets] - [15/04/2014 13:07:13] AdwCleaner[S0].txt - [30407 octets] - [15/04/2014 13:08:23] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30468 octets] ##########
+++ I could not copy mbam.txt in here because the whole program crashed while the file was being created +++ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014 Ran by Botan at 2014-04-15 14:10:42 Running from C:\Users\Botan\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE) ½£Áé_ÌÚѶ (HKLM-x32\...\½£Áé_ÌÚѶ) (Version: - Tencent) 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) 
Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{1701BD02-09B9-B25B-8290-C7D6A33C5A75}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version: - WEBZEN) Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden China Localization Patcher (HKLM-x32\...\{358B9F54-BFA2-4FC4-8134-CA786EC84260}) (Version: 1.5.1.0 - LokiReborn) Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) 
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - ) Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com) Crossfire Europe (HKLM-x32\...\Crossfire Europe) (Version: 1197 - SG INTERACTIVE) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Don't Starve (HKLM-x32\...\DontStarve) (Version: - Klei Entertainment) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve ) Dr. Hardware 2013 13.0d (HKLM-x32\...\Dr. Hardware 2013_is1) (Version: - Peter A. Gebhard) Easy Tune 6 B11.0427.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B11.0427.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free Video to MP3 Converter version 5.0.23.320 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden InfiniteCrisis (HKLM-x32\...\InfiniteCrisis) (Version: - Turbine, Inc) iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.) ÌÚѶÓÎϷƽ̨ (HKLM-x32\...\ÌÚѶÓÎϷƽ̨Formal) (Version: - Tencent) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Kingdoms of Amalur™ Reckoning DELUXE EDITION (HKLM-x32\...\Kingdoms of Amalur™ Reckoning DELUXE EDITION_is1) (Version: 1.0.0.2 - QfG) League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) LevelOne WUA-0605 Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0113 - LevelOne) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Mass Effect Deluxe Edition (HKLM-x32\...\{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1) (Version: v1.02 - The Most Electrifying Man) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) mHotspot version 6.4.0.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 6.4.0.0 - mHotspot, Inc.) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 
2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 17.0.5 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.5 (x86 de)) (Version: 17.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) 
(HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version: - ) Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts) Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG) Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG) Nero Control Center 10 (x32 Version: 10.2.11900.1.9 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.18400.9.0 - Nero AG) Hidden Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG) Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140120.76235 - Square Enix Ltd) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) ON_OFF Charge B11.0110.1 
(HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PlurPush (HKLM\...\PlurPush) (Version: 2014.03.28.231718 - PlurPush) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RIFT (HKCU\...\RIFT) (Version: - Trion Worlds, Inc.) S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version: - ) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.5.201304180917 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Thread Manager 2.4.0.0 (HKLM-x32\...\{78F4E027-355C-45C0-90DC-F89DFC618761}_is1) (Version: 2.4.0.0 - Digital Generation)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version: - Microsoft)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden
网游加速小助手(剑灵) (HKLM-x32\...\网游加速小助手(剑灵)) (Version: 2.0.45.89 - Copyright (C) 2013 Tencent)

==================== Restore Points =========================

10-04-2014 16:06:12 Windows Update
12-04-2014 06:45:18 Installed Java 7 Update 51
14-04-2014 10:07:20 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)
14-04-2014 10:08:44 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)
14-04-2014 10:11:19 Revo Uninstaller's restore point - RegClean Pro
14-04-2014 10:15:05 Revo Uninstaller's restore point - Yahoo Community Smartbar
14-04-2014 10:16:08 Revo Uninstaller's restore point - VO Package
14-04-2014 10:17:11 Revo Uninstaller's restore point - Shopping Helper Smartbar Engine
14-04-2014 10:18:08 Revo Uninstaller's restore point - Shopping Helper Smartbar
14-04-2014 10:19:16 Revo Uninstaller's restore point - Search Protect
14-04-2014 10:20:20 Revo Uninstaller's restore point - PDF24 Creator 6.3.1
14-04-2014 10:21:52 Revo Uninstaller's restore point - BlockAndSurf
14-04-2014 10:23:16 Revo Uninstaller's restore point - RoboForm 7-9-0-0 (All Users)
14-04-2014 10:25:22 Revo Uninstaller's restore point - MixiDJ Toolbar
14-04-2014 10:26:16 Revo Uninstaller's restore point - Advanced System Protector
14-04-2014 10:27:23 Revo Uninstaller's restore point - AnyProtect
15-04-2014 10:34:47 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {002BED3E-0919-4BBA-995C-03DF069AAFAC} - System32\Tasks\Opera D6 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {037DF9E7-FADB-45C4-B37F-AB10B1FD36D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {08C53256-84E4-4A93-9D31-4012A0E1265A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)
Task: {0B690F27-DA5A-4C5E-8AF6-045ABC577E99} - System32\Tasks\Opera D2 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {248AD0D2-7E7E-4D32-81AB-FA015E15B550} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-14] (Adobe Systems Incorporated)
Task: {248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {32E2FB49-08D2-4DBE-93C7-4EC65EC0EC27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)
Task: {349B0F97-B431-456B-B666-EB392A49DA97} - System32\Tasks\{EB1A13EA-FB01-4D59-99CA-D755078280C9} => Firefox.exe
Task: {358D2FBC-F05A-4FC4-AE91-FC65E464D2C0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {4D706DDF-EC04-4E4E-BA67-1F48DEAD41DF} - System32\Tasks\{7636DB98-A8B0-4C6C-B62E-77A875639331} => Firefox.exe
Task: {743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {91A8BAED-7921-4F64-8D8F-23A72868DD67} - System32\Tasks\Opera D7 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {9503C1BF-E2EA-4760-BD4F-F7647B362EEA} - System32\Tasks\{BE28D158-551B-4294-9100-DA3EFCA27DD3} => Firefox.exe
Task: {A3BF923E-AA25-43DC-B5EC-2164F85BE938} - System32\Tasks\Opera D3 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {B1809AF3-F82A-4DB0-9E89-832BB19903CF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B463C9EE-9821-4903-8D31-3266E2131E4A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMPMNJLMMJMMKMLJJJCNOMKMJJKMCNLMIMNJHMCNGMOMOMJMCNLMLJNJHMPMNMOJIMJJHMKMOMJNJICMIMCNGMCNPMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMNMHMHMJNHICMEKMICNJJCKJNBJCMNLAJLIOJBJJNKJCMJNNICMJNDJCMLJKJ"
Task: {C3C1E073-17C1-4AD7-888A-EFA9E57142B8} - System32\Tasks\Opera D4 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {C9235D0C-6F53-4B69-AC9C-53FC28D920D7} - System32\Tasks\{3AD24F87-9E1D-4000-88A5-34C6683E7650} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.59.104/de/abandoninstall?page=tsProgressBar
Task: {FA300F06-B62E-4AA8-AC6E-3FA665C44822} - System32\Tasks\Opera D5 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 17:32 - 2012-12-19 17:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 20:39 - 2012-10-17 20:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 20:39 - 2012-10-17 20:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 17:32 - 2012-12-19 17:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-06-01 16:12 - 2013-06-01 16:12 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-01 16:12 - 2013-06-01 16:12 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-29 01:17 - 2014-04-15 11:27 - 00350488 _____ () C:\Program Files (x86)\PlurPush\updatePlurPush.exe
2014-03-30 16:34 - 2014-04-15 10:54 - 00350488 _____ () C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe
2013-05-17 13:32 - 2013-03-01 14:13 - 01300816 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2013-05-17 13:36 - 2014-03-29 11:00 - 05329400 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
2013-07-10 10:56 - 2013-07-10 10:56 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\LolClient.exe
2013-05-17 13:36 - 2014-04-03 14:26 - 16510456 _____ () C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.17\deploy\League of Legends.exe
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-03-26 00:02 - 2009-12-09 15:20 - 00126976 ____R () C:\Program Files (x86)\LevelOne\WUA-0605\EnumDevLib.dll
2014-03-18 18:05 - 2014-03-18 18:05 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-18 17:01 - 2014-03-28 15:40 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-09-07 17:04 - 2014-03-29 11:00 - 00264696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\RiotLauncher.dll
2013-05-17 13:36 - 2014-04-03 14:26 - 01494520 _____ () C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.17\deploy\RiotLauncher.dll
2013-09-07 17:25 - 2014-03-29 11:00 - 00380408 _____ () C:\Riot Games\League of Legends\RADS\RiotRadsIO.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2014 02:06:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xf00
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (04/15/2014 02:04:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xbc4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (04/15/2014 02:03:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xa9c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (04/15/2014 01:01:08 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.

Error: (04/15/2014 01:01:07 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.

Error: (04/15/2014 01:01:06 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.

Error: (04/15/2014 01:01:04 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.

Error: (04/15/2014 01:00:10 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.

Error: (04/15/2014 01:00:09 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.

Error: (04/15/2014 01:00:07 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.

System errors:
=============
Error: (04/15/2014 01:10:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126

Error: (04/15/2014 01:01:57 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/15/2014 10:51:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126

Error: (04/14/2014 11:19:01 AM) (Source: Service Control Manager) (User: )
Description: Dienst "BlockAndSurf" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/14/2014 11:18:47 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde nicht richtig gestartet.

Error: (04/14/2014 11:17:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126

Error: (04/14/2014 11:17:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/14/2014 11:17:26 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (04/14/2014 11:16:52 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 14.04.2014 um 11:15:59 unerwartet heruntergefahren.

Error: (04/14/2014 11:15:10 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 14.04.2014 um 11:14:02 unerwartet heruntergefahren.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 4093.55 MB
Available physical RAM: 1144.36 MB
Total Pagefile: 8185.25 MB
Available Pagefile: 4780.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:137.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6312B514)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
15.04.2014, 13:47 | #6 |
| Poor internet connection, slow computer and PC freezing
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Botan (administrator) on XEBAT-PC on 15-04-2014 14:10:08
Running from C:\Users\Botan\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe
() C:\Program Files (x86)\PlurPush\updatePlurPush.exe
() C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\LolClient.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
() C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.17\deploy\League of Legends.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify Web Helper] => C:\Users\Xebat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-01-29] (Spotify Ltd)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify] => C:\Users\Xebat\AppData\Roaming\Spotify\spotify.exe [4640768 2014-01-29] (Spotify Ltd)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {20ff1223-bee4-11e2-9105-50e549d5f581} - F:\Startme.exe
HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {797d9470-95aa-11e2-8f78-50e549d5f581} - E:\Setup.exe
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4284976 2013-05-01] ()
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [SDP] => C:\Users\Schule\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Online Weather] => C:\Users\Schule\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify] => C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe [6087224 2014-04-11] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Windows Defender] => C:\ProgramData\Windows\System32\Windows Defender\Definition Update\windef.exe [313344 2013-07-01] (Windows Defender) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3551576 2014-01-16] (Electronic Arts) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [ThreadManager.exe] => C:\Program Files (x86)\Thread Manager\ThreadManager.exe [12322584 2013-07-04] (Digital Generation Inc.) 
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {fe4d9a5b-d903-11e2-9673-50e549d5f581} - F:\LGAutoRun.exe HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Browser Infrastructure Helper] => C:\Users\Bekir&Botan\AppData\Local\Smartbar\Application\Smartbar.exe startup HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify] => C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe [6087224 2014-04-11] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Bekir&Botan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DT Emphelungstool] => "C:\Users\Bekir&Botan\AppData\Local\Deutsche Telekom\Empfehlungstool\DTEmpfehlungstool.exe" 1 HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {db1faac1-9594-11e2-9446-806e6f6e6963} - D:\Start.exe Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN???????? ????; (MSN????) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCE002826F4BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR DefaultSearchKeyword: mysearchdial.com CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultNewTabURL: 
&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR Extension: (Google Docs) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: (Google Drive) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Google Search) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (MySearchDial __MSG_newtab__) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-14] CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15] CHR Extension: (Gmail) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 
2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] () R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) R2 Update PlurPush; C:\Program Files (x86)\PlurPush\updatePlurPush.exe [350488 2014-04-15] () R2 Util PlurPush; C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe [350488 2014-04-15] () ==================== Drivers (Whitelisted) ==================== S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] 
(Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 TesSafe; C:\Windows\system32\TesSafe.sys [884712 2014-03-23] (TENCENT) R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-30] (StdLib) S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-15 14:09 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-15 13:14 - 2014-04-15 14:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-15 13:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-15 13:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:07 - 2014-04-15 13:09 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:31 - 2014-04-14 12:31 - 00044435 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-14 12:30 - 2014-04-15 14:10 - 00018566 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-14 12:30 - 2014-04-15 14:10 - 00000000 ____D () C:\FRST 2014-04-14 12:29 - 2014-04-15 14:09 - 02054144 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera 
D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D2 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 10:30 - 2014-04-14 11:10 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-04-14 10:30 - 2014-04-14 11:10 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-04-14 10:30 - 2014-04-14 10:50 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-04-14 10:30 - 2014-04-14 10:30 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-04-14 09:11 - 2014-04-14 12:22 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-04-14 09:09 - 2014-04-14 09:09 - 00358193 _____ () C:\Users\Botan\AppData\Local\speedial.crx 2014-04-14 09:09 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 
____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:05 - 2013-11-14 18:26 - 00000507 _____ () C:\Users\Botan\Desktop\readme.txt 2014-04-13 04:05 - 2013-11-14 18:25 - 00272384 _____ (QuickLoL) C:\Users\Botan\Desktop\QuickLoL Timers.exe 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-12 08:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-12 08:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-12 08:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-12 08:46 - 2014-04-12 08:47 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-07 20:20 - 2014-04-07 20:19 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:19 - 2014-04-07 20:18 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-07 19:44 - 2014-04-11 14:43 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () 
C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 14:46 - 2014-04-04 15:22 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 22:35 - 2014-04-03 22:37 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm 2014-04-03 21:54 - 2014-04-03 21:55 - 07083256 _____ (Welcome to YourFile Downloader!) C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-30 22:28 - 2014-03-31 20:55 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:11 - 2013-09-29 13:59 - 02407774 ____N () C:\Users\Botan\Desktop\blackmart.apk 2014-03-30 21:54 - 2014-03-30 22:28 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 17:05 - 2014-03-30 17:05 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys 2014-03-30 15:43 - 2014-04-14 11:48 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-03-30 15:30 - 2014-04-15 13:19 - 00000000 ____D () C:\Program Files (x86)\PlurPush 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 15:27 - 2014-03-14 00:08 - 00630757 _____ (3DS Emulator - Pokemon X Y) 
C:\Users\Botan\Desktop\Pokemon XY + Emulator.exe 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-29 15:40 - 2014-03-29 15:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-23 14:13 - 2014-03-23 14:15 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:01 - 2014-03-20 16:02 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:57 - 2014-03-20 15:58 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 12:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-23 22:43 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-20 01:16 - 2014-03-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 
_____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-23 22:47 - 00884712 _____ (TENCENT) C:\Windows\system32\TesSafe.sys 2014-03-19 19:02 - 2014-03-20 15:35 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:41 - 2014-03-19 18:28 - 00000000 ____D () C:\GameDownload 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:22 
- 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar ==================== One Month Modified Files and Folders ======= 2014-04-15 14:10 - 2014-04-14 12:30 - 00018566 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-15 14:10 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST 2014-04-15 14:09 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-15 14:09 - 2014-04-14 12:29 - 02054144 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-15 14:06 - 2014-04-15 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 14:06 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-15 14:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-15 13:19 - 2014-03-30 15:30 - 00000000 ____D () C:\Program Files (x86)\PlurPush 2014-04-15 13:15 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-15 13:15 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-15 13:14 - 2013-03-25 23:44 - 01857641 _____ () C:\Windows\WindowsUpdate.log 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 
00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:10 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-15 13:10 - 2013-03-26 00:21 - 00201786 _____ () C:\Windows\PFRO.log 2014-04-15 13:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-15 13:10 - 2009-07-14 06:51 - 00081401 _____ () C:\Windows\setupact.log 2014-04-15 13:09 - 2014-04-15 13:07 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:09 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-04-15 13:08 - 2013-06-10 22:13 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-15 13:08 - 2013-03-26 00:11 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-15 13:07 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-15 13:01 - 2013-06-23 18:59 - 00000000 ____D () C:\ProgramData\InstallMate 2014-04-15 10:50 - 2014-02-07 14:35 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-04-14 23:40 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Spotify 2014-04-14 17:58 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Local\Spotify 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:31 - 2014-04-14 12:31 - 00044435 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-14 12:24 - 2014-01-14 15:49 - 00000000 ____D () C:\Users\Botan\Documents\My RoboForm Data 2014-04-14 12:24 - 2013-06-29 13:50 - 00003976 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-04-14 12:22 - 2014-04-14 09:11 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-04-14 12:14 - 2014-01-07 17:34 - 00000000 ___RD () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-14 12:13 - 
2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D2 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:48 - 2014-03-30 15:43 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:19 - 2013-10-23 15:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Spotify 2014-04-14 11:19 - 2013-09-30 18:50 - 00099152 _____ () C:\Users\Bekir&Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:10 - 2014-04-14 10:30 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-04-14 11:10 - 2014-04-14 10:30 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-04-14 11:01 - 2013-03-26 00:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 11:01 - 2013-03-26 00:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 11:01 - 2013-03-26 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 10:50 - 2014-04-14 10:30 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-04-14 10:30 - 2014-04-14 10:30 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-04-14 09:11 - 
2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-14 09:09 - 2014-04-14 09:09 - 00358193 _____ () C:\Users\Botan\AppData\Local\speedial.crx 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2014-04-12 08:46 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-12 08:47 - 2013-05-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-11 23:13 - 2014-04-14 09:09 - 01079839 _____ (AnyProtect.com) C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe 2014-04-11 14:43 - 2014-04-07 19:44 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-11 00:20 - 2013-04-10 13:40 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Spotify 2014-04-10 18:07 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 18:06 - 2009-10-14 07:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 15:58 - 2009-07-14 19:58 - 01169372 _____ () C:\Windows\system32\perfh007.dat 2014-04-10 15:58 - 2009-07-14 19:58 - 00296124 _____ () C:\Windows\system32\perfc007.dat 2014-04-10 15:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-08 14:21 - 2009-07-14 06:45 - 04947952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-07 20:30 - 2014-01-07 17:34 - 00099152 _____ () C:\Users\Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 20:19 - 
2014-04-07 20:20 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:18 - 2014-04-07 20:19 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-05 23:50 - 2013-03-27 03:49 - 00000000 ____D () C:\Windows\Minidump 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 20:01 - 2013-06-10 22:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-04 20:01 - 2013-06-10 22:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-04 15:22 - 2014-04-04 14:46 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 22:37 - 2014-04-03 22:35 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm 2014-04-03 21:55 - 2014-04-03 21:54 - 07083256 _____ (Welcome to YourFile Downloader!) 
C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe 2014-04-03 18:13 - 2014-01-14 22:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Local\Akamai 2014-04-03 18:12 - 2013-05-01 19:43 - 00000000 ____D () C:\Users\Schule\AppData\Local\PMB Files 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-03 18:09 - 2013-04-08 15:06 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Skype 2014-04-03 18:01 - 2013-06-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-03 18:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-03 17:58 - 2014-02-07 14:33 - 00000000 ____D () C:\Users\Botan\AppData\Local\Adobe 2014-04-03 17:55 - 2014-01-15 19:47 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Adobe 2014-04-03 09:51 - 2014-04-15 13:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-15 13:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-15 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-31 20:55 - 2014-03-30 22:28 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:28 - 2014-03-30 21:54 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 17:05 - 2014-03-30 17:05 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 12:17 - 2014-01-18 15:23 - 00000000 ____D () C:\Program Files (x86)\RIFT 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-29 15:40 - 2014-03-29 15:40 - 
00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-26 22:36 - 2013-04-11 13:25 - 00000000 ____D () C:\Users\Schule\Desktop\Bilder 2014-03-23 22:47 - 2014-03-19 19:02 - 00884712 _____ (TENCENT) C:\Windows\system32\TesSafe.sys 2014-03-23 22:43 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-23 14:25 - 2013-11-10 21:39 - 00000000 ____D () C:\download 2014-03-23 14:15 - 2014-03-23 14:13 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-23 05:55 - 2013-10-03 19:32 - 00000062 _____ () C:\Users\Bekir&Botan\Desktop\settings.json 2014-03-21 23:07 - 2014-03-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:02 - 2014-03-20 16:01 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:58 - 2014-03-20 15:57 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 15:35 - 2014-03-19 19:02 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 12:02 - 2014-03-20 01:17 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () 
C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:57 - 2013-03-26 04:53 - 00155987 _____ () C:\Windows\DirectX.log 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-19 18:28 - 2014-03-18 20:41 - 00000000 ____D () C:\GameDownload 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 20:25 - 2013-05-27 21:48 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Spotify 2014-03-18 20:24 - 
2013-05-27 21:49 - 00000000 ____D () C:\Users\Xebat\AppData\Local\Spotify 2014-03-18 20:21 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:41 - 2013-04-08 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-03-18 18:23 - 2014-01-07 17:34 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Apple Computer 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar Some content of TEMP: ==================== C:\Users\Bekir&Botan\AppData\Local\Temp\BackupSetup.exe C:\Users\Bekir&Botan\AppData\Local\Temp\DelayInst.exe C:\Users\Bekir&Botan\AppData\Local\Temp\installservice.exe C:\Users\Bekir&Botan\AppData\Local\Temp\iobwnedxjvdevl.exe C:\Users\Bekir&Botan\AppData\Local\Temp\NGMDll.dll C:\Users\Bekir&Botan\AppData\Local\Temp\NGMResource.dll C:\Users\Bekir&Botan\AppData\Local\Temp\NGMSetup.exe C:\Users\Bekir&Botan\AppData\Local\Temp\Profiles.exe C:\Users\Bekir&Botan\AppData\Local\Temp\unicows.dll C:\Users\Bekir&Botan\AppData\Local\Temp\vpnclient_setup.exe C:\Users\Botan\AppData\Local\Temp\1_Offer_9.exe C:\Users\Botan\AppData\Local\Temp\BackupSetup.exe C:\Users\Botan\AppData\Local\Temp\bi_cleaner.exe C:\Users\Botan\AppData\Local\Temp\DownloadManager.exe C:\Users\Botan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Botan\AppData\Local\Temp\nsiA7B8.exe C:\Users\Botan\AppData\Local\Temp\Quarantine.exe C:\Users\Botan\AppData\Local\Temp\sp-downloader.exe C:\Users\Botan\AppData\Local\Temp\TXPltSafeInit.dll 
C:\Users\Schule\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe C:\Users\Schule\AppData\Local\Temp\gnsocaby.dll C:\Users\Schule\AppData\Local\Temp\hrxha0hy.dll C:\Users\Schule\AppData\Local\Temp\instloffer.exe C:\Users\Schule\AppData\Local\Temp\itinstallerp.exe C:\Users\Schule\AppData\Local\Temp\OnlineWeatherSetup.exe C:\Users\Schule\AppData\Local\Temp\SkypeSetup.exe C:\Users\Schule\AppData\Local\Temp\SpotifyUpgrader.exe C:\Users\Schule\AppData\Local\Temp\swt-win32-3740.dll C:\Users\Schule\AppData\Local\Temp\uninst1.exe C:\Users\Schule\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\Schule\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\Xebat\AppData\Local\Temp\bitool.dll C:\Users\Xebat\AppData\Local\Temp\DeltaTB.exe C:\Users\Xebat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Xebat\AppData\Local\Temp\LyricsPal.exe C:\Users\Xebat\AppData\Local\Temp\lyricstmp.exe C:\Users\Xebat\AppData\Local\Temp\MixiDJToolbar_yh.exe C:\Users\Xebat\AppData\Local\Temp\ose00000.exe C:\Users\Xebat\AppData\Local\Temp\vlc-2.0.6-win64.exe C:\Users\Xebat\AppData\Local\Temp\wajam_install.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 20:32 ==================== End Of Log ============================ ... |
15.04.2014, 20:17 | #7 |
Rest in peace † 2019 | Poor internet connection, slow computer and PC freezing
Ok, then leave that out for now. By the way: why does this Windows have no Service Pack 1 and still IE 9? As a free AV I can recommend AVAST!, and rather urgently, given the sheer amount of stuff on your PC. If you want to download it, please run a quick scan with it and post any findings here. How is the computer running now?
Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Online Weather] => C:\Users\Schule\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Windows Defender] => C:\ProgramData\Windows\System32\Windows Defender\Definition Update\windef.exe [313344 2013-07-01] (Windows Defender)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Browser Infrastructure Helper] => C:\Users\Bekir&Botan\AppData\Local\Smartbar\Application\Smartbar.exe startup
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
CHR Extension: (MySearchDial __MSG_newtab__) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-14]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 Update PlurPush; C:\Program Files (x86)\PlurPush\updatePlurPush.exe [350488 2014-04-15] ()
R2 Util PlurPush; C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe [350488 2014-04-15] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-30] (StdLib)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B1809AF3-F82A-4DB0-9E89-832BB19903CF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
C:\Program Files (x86)\AnyProtectEx
C:\Users\Bekir&Botan\AppData\Roaming\newnext.me
C:\Users\Schule\AppData\Local\WebPlayer
C:\Users\Bekir&Botan\AppData\Local\Smartbar
C:\ProgramData\Windows\
C:\Program Files\McAfee Security Scan
C:\Program Files (x86)\PlurPush
C:\Windows\system32\TesSafe.sys
C:\Windows\System32\drivers\wStLibG64.sys
C:\Users\Botan\AppData\Local\speedial.crx
C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe
2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm
2014-04-03 21:54 - 2014-04-03 21:55 - 07083256 _____ (Welcome to YourFile Downloader!) C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe
C:\Users\Bekir&Botan\AppData\Local\Temp\*.dll
C:\Users\Bekir&Botan\AppData\Local\Temp\*.exe
C:\Users\Botan\AppData\Local\Temp\*.dll
C:\Users\Botan\AppData\Local\Temp\*.exe
C:\Users\Schule\AppData\Local\Temp\*.exe
C:\Users\Xebat\AppData\Local\Temp\*.exe
C:\Users\Schule\AppData\Local\Temp\*.dll
C:\Users\Xebat\AppData\Local\Temp\*.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Because the scan with ESET is very thorough, it may take several hours. ESET Online Scanner
Step 3 Start FRST once more.
|
16.04.2014, 20:42 | #8 |
| Poor internet connection, slow computer and PC freezing Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2014 02 Ran by Botan at 2014-04-16 21:30:36 Running from C:\Users\Botan\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE) ½£Áé_ÌÚѶ (HKLM-x32\...\½£Áé_ÌÚѶ) (Version: - Tencent) 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) 
Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{1701BD02-09B9-B25B-8290-C7D6A33C5A75}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version: - WEBZEN) Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden China Localization Patcher (HKLM-x32\...\{358B9F54-BFA2-4FC4-8134-CA786EC84260}) (Version: 1.5.1.0 - LokiReborn) Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) 
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - ) Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com) Crossfire Europe (HKLM-x32\...\Crossfire Europe) (Version: 1197 - SG INTERACTIVE) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Don't Starve (HKLM-x32\...\DontStarve) (Version: - Klei Entertainment) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve ) Dr. Hardware 2013 13.0d (HKLM-x32\...\Dr. Hardware 2013_is1) (Version: - Peter A. Gebhard) Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) Easy Tune 6 B11.0427.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B11.0427.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free Video to MP3 Converter version 5.0.23.320 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden InfiniteCrisis (HKLM-x32\...\InfiniteCrisis) (Version: - Turbine, Inc) iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.) 
ÌÚѶÓÎϷƽ̨ (HKLM-x32\...\ÌÚѶÓÎϷƽ̨Formal) (Version: - Tencent) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Kingdoms of Amalur™ Reckoning DELUXE EDITION (HKLM-x32\...\Kingdoms of Amalur™ Reckoning DELUXE EDITION_is1) (Version: 1.0.0.2 - QfG) League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) LevelOne WUA-0605 Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0113 - LevelOne) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Mass Effect Deluxe Edition (HKLM-x32\...\{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1) (Version: v1.02 - The Most Electrifying Man) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) mHotspot version 6.4.0.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 6.4.0.0 - mHotspot, Inc.) 
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 
12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 17.0.5 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.5 (x86 de)) (Version: 17.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version: - ) Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts) Nero 10 Movie ThemePack 1 
(HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG) Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG) Nero Control Center 10 (x32 Version: 10.2.11900.1.9 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.18400.9.0 - Nero AG) Hidden Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG) Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140120.76235 - Square Enix Ltd) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PlurPush (HKLM\...\PlurPush) (Version: 2014.03.28.231718 - PlurPush) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RIFT (HKCU\...\RIFT) (Version: - Trion Worlds, Inc.) S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version: - ) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.5.201304180917 - Sony Ericsson Communications AB) Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony) Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH) Thread Manager 2.4.0.0 (HKLM-x32\...\{78F4E027-355C-45C0-90DC-F89DFC618761}_is1) (Version: 2.4.0.0 - Digital Generation) Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version: - Microsoft) VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WinRAR 4.20 (64-Bit) 
(HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd) Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden 网游加速小助手(剑灵) (HKLM-x32\...\网游加速小助手(剑灵)) (Version: 2.0.45.89 - Copyright (C) 2013 Tencent) ==================== Restore Points ========================= 12-04-2014 06:45:18 Installed Java 7 Update 51 14-04-2014 10:07:20 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de) 14-04-2014 10:08:44 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de) 14-04-2014 10:11:19 Revo Uninstaller's restore point - RegClean Pro 14-04-2014 10:15:05 Revo Uninstaller's restore point - Yahoo Community Smartbar 14-04-2014 10:16:08 Revo Uninstaller's restore point - VO Package 14-04-2014 10:17:11 Revo Uninstaller's restore point - Shopping Helper Smartbar Engine 14-04-2014 10:18:08 Revo Uninstaller's restore point - Shopping Helper Smartbar 14-04-2014 10:19:16 Revo Uninstaller's restore point - Search Protect 14-04-2014 10:20:20 Revo Uninstaller's restore point - PDF24 Creator 6.3.1 14-04-2014 10:21:52 Revo Uninstaller's restore point - BlockAndSurf 14-04-2014 10:23:16 Revo Uninstaller's restore point - RoboForm 7-9-0-0 (All Users) 14-04-2014 10:25:22 Revo Uninstaller's restore point - MixiDJ Toolbar 14-04-2014 10:26:16 Revo Uninstaller's restore point - Advanced System Protector 14-04-2014 10:27:23 Revo Uninstaller's restore point - AnyProtect 15-04-2014 10:34:47 Windows Update 15-04-2014 20:49:53 avast! 
antivirus system restore point ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {002BED3E-0919-4BBA-995C-03DF069AAFAC} - System32\Tasks\Opera D6 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software) Task: {037DF9E7-FADB-45C4-B37F-AB10B1FD36D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {08C53256-84E4-4A93-9D31-4012A0E1265A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.) Task: {1B3E1F00-7C74-458B-B1E2-AE3ECFD48B54} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-15] (AVAST Software) Task: {248AD0D2-7E7E-4D32-81AB-FA015E15B550} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-14] (Adobe Systems Incorporated) Task: {32E2FB49-08D2-4DBE-93C7-4EC65EC0EC27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.) 
Task: {349B0F97-B431-456B-B666-EB392A49DA97} - System32\Tasks\{EB1A13EA-FB01-4D59-99CA-D755078280C9} => Firefox.exe Task: {358D2FBC-F05A-4FC4-AE91-FC65E464D2C0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe Task: {4D706DDF-EC04-4E4E-BA67-1F48DEAD41DF} - System32\Tasks\{7636DB98-A8B0-4C6C-B62E-77A875639331} => Firefox.exe Task: {91A8BAED-7921-4F64-8D8F-23A72868DD67} - System32\Tasks\Opera D7 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software) Task: {9503C1BF-E2EA-4760-BD4F-F7647B362EEA} - System32\Tasks\{BE28D158-551B-4294-9100-DA3EFCA27DD3} => Firefox.exe Task: {A3BF923E-AA25-43DC-B5EC-2164F85BE938} - System32\Tasks\Opera D3 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software) Task: {B463C9EE-9821-4903-8D31-3266E2131E4A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMPMNJLMMJMMKMLJJJCNOMKMJJKMCNLMIMNJHMCNGMOMOMJMCNLMLJNJHMPMNMOJIMJJHMKMOMJNJICMIMCNGMCNPMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMNMHMHMJNHICMEKMICNJJCKJNBJCMNLAJLIOJBJJNKJCMJNNICMJNDJCMLJKJ" Task: {C3C1E073-17C1-4AD7-888A-EFA9E57142B8} - System32\Tasks\Opera D4 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software) Task: {C9235D0C-6F53-4B69-AC9C-53FC28D920D7} - System32\Tasks\{3AD24F87-9E1D-4000-88A5-34C6683E7650} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.59.104/de/abandoninstall?page=tsProgressBar Task: {FA300F06-B62E-4AA8-AC6E-3FA665C44822} - System32\Tasks\Opera D5 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-19 17:32 - 2012-12-19 17:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-10-17 20:39 - 2012-10-17 20:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-10-17 20:39 - 2012-10-17 20:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2012-12-19 17:32 - 2012-12-19 17:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-06-01 16:12 - 2013-06-01 16:12 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-06-01 16:12 - 2013-06-01 16:12 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2013-10-23 19:19 - 2014-04-11 00:20 - 00602680 _____ () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2014-04-15 22:57 - 2014-04-15 22:57 - 02212352 _____ () C:\Program Files\AVAST Software\Avast\defs\14041501\algo.dll 2014-04-16 19:29 - 2014-04-16 19:29 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041601\algo.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2014-04-15 22:51 - 2014-04-15 22:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-03-26 00:02 - 2009-12-09 15:20 - 00126976 ____R () C:\Program Files (x86)\LevelOne\WUA-0605\EnumDevLib.dll 2014-03-18 18:05 - 2014-03-18 18:05 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-03-18 17:01 - 2014-03-28 15:40 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll 2013-04-10 13:40 - 2014-04-11 00:20 - 36966968 
_____ () C:\Users\Schule\AppData\Roaming\Spotify\Data\libcef.dll 2013-10-23 19:19 - 2014-04-11 00:20 - 00886840 _____ () C:\Users\Schule\AppData\Roaming\Spotify\Data\libglesv2.dll 2013-10-23 19:19 - 2014-04-11 00:20 - 00108600 _____ () C:\Users\Schule\AppData\Roaming\Spotify\Data\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft-ISATAP-Adapter Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
Name: Microsoft-ISATAP-Adapter #2 Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft-ISATAP-Adapter #3 Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/16/2014 08:29:55 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (04/16/2014 02:30:50 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (04/16/2014 02:30:44 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (04/16/2014 02:30:43 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (04/16/2014 02:30:35 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (04/15/2014 10:50:04 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary lmizbsze. System Error: Das System kann die angegebene Datei nicht finden. . 
Error: (04/15/2014 10:29:06 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (04/15/2014 10:29:03 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (04/15/2014 07:31:39 PM) (Source: Application Hang) (User: ) Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16dc Startzeit: 01cf58d08a5325b9 Endzeit: 1 Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: cbcf260c-c4c3-11e3-bf73-50e549d5f581 Error: (04/15/2014 03:48:22 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x1300 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 System errors: ============= Error: (04/16/2014 11:27:05 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126 Error: (04/16/2014 03:04:52 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/16/2014 03:03:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126 Error: (04/16/2014 00:34:12 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126 Error: (04/16/2014 00:33:28 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 16.04.2014 um 00:32:20 unerwartet heruntergefahren. 
Error: (04/15/2014 10:25:54 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126 Error: (04/15/2014 10:23:49 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Util PlurPush" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/15/2014 10:23:48 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Update PlurPush" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/15/2014 07:25:14 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (04/15/2014 01:10:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 4093.55 MB Available physical RAM: 2269.41 MB Total Pagefile: 8185.25 MB Available Pagefile: 5241.13 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:135.88 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6312B514) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
16.04.2014, 20:43 | #9 |
| Poor Internet connection, slow computer and PC freezing FRST.txt FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02
Ran by Botan (administrator) on XEBAT-PC on 16-04-2014 21:29:45
Running from C:\Users\Botan\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-15] (AVAST Software) HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd) Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://cn.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCE002826F4BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google 
Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15] Chrome: ======= CHR DefaultSearchKeyword: mysearchdial.com CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR Extension: (Google Docs) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: 
(Google Drive) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Google Search) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15] CHR Extension: (Gmail) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-15] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-15] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] () R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-15] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-15] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; 
C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X] S3 TesSafe; \??\C:\Windows\system32\TesSafe.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:57 - 
00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:52 - 2014-04-15 22:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:28 - 2014-04-15 22:29 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 
2014-04-15 14:09 - 2014-04-16 21:28 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-15 13:14 - 2014-04-16 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-15 13:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-15 13:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:07 - 2014-04-15 13:09 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:31 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00000000 ____D () C:\FRST 2014-04-14 12:29 - 2014-04-16 21:28 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () 
C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 09:11 - 2014-04-15 22:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:05 - 2013-11-14 18:26 - 00000507 _____ () C:\Users\Botan\Desktop\readme.txt 2014-04-13 04:05 - 2013-11-14 18:25 - 00272384 _____ (QuickLoL) C:\Users\Botan\Desktop\QuickLoL Timers.exe 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-12 08:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-12 08:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-12 08:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-12 08:46 - 2014-04-12 08:47 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () 
C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-07 20:20 - 2014-04-07 20:19 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:19 - 2014-04-07 20:18 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-07 19:44 - 2014-04-15 19:46 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 14:46 - 2014-04-04 15:22 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 22:35 - 2014-04-16 15:29 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-30 22:28 - 2014-03-31 20:55 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:11 - 2013-09-29 13:59 - 02407774 ____N () C:\Users\Botan\Desktop\blackmart.apk 2014-03-30 21:54 - 2014-03-30 22:28 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:43 - 2014-04-14 11:48 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-03-30 15:27 - 2014-03-30 15:27 
- 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 15:27 - 2014-03-14 00:08 - 00630757 _____ (3DS Emulator - Pokemon X Y) C:\Users\Botan\Desktop\Pokemon XY + Emulator.exe 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-23 14:13 - 2014-03-23 14:15 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:01 - 2014-03-20 16:02 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:57 - 2014-03-20 15:58 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 12:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-23 22:43 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-20 01:16 - 2014-03-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard 
Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-20 15:35 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:41 - 2014-03-19 18:28 - 00000000 ____D () C:\GameDownload 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 
____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar ==================== One Month Modified Files and Folders ======= 2014-04-16 21:29 - 2014-04-14 12:30 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-16 21:29 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST 2014-04-16 21:28 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-16 21:28 - 2014-04-14 12:29 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-16 21:28 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Spotify 2014-04-16 21:22 - 2014-04-15 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 21:06 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-16 21:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 20:41 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Local\Spotify 2014-04-16 20:40 - 2009-07-14 06:51 - 00081905 _____ () C:\Windows\setupact.log 2014-04-16 20:37 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype 2014-04-16 20:06 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 17:41 - 2013-03-25 23:44 - 01901884 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 15:29 - 2014-04-03 22:35 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-16 
11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 00:33 - 2013-03-26 00:21 - 00202436 _____ () C:\Windows\PFRO.log 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:57 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:53 - 2014-04-15 22:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:29 - 2014-04-15 22:28 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 22:25 - 2014-04-14 09:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-15 22:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-15 19:46 - 2014-04-07 19:44 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-15 17:11 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 2014-04-15 14:11 - 
2014-04-14 12:31 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:09 - 2014-04-15 13:07 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:08 - 2013-06-10 22:13 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-15 13:08 - 2013-03-26 00:11 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-15 13:01 - 2013-06-23 18:59 - 00000000 ____D () C:\ProgramData\InstallMate 2014-04-15 10:50 - 2014-02-07 14:35 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:24 - 2014-01-14 15:49 - 00000000 ____D () C:\Users\Botan\Documents\My RoboForm Data 2014-04-14 12:24 - 2013-06-29 13:50 - 00003976 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-04-14 12:14 - 2014-01-07 17:34 - 00000000 ___RD () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 
____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:48 - 2014-03-30 15:43 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:19 - 2013-10-23 15:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Spotify 2014-04-14 11:19 - 2013-09-30 18:50 - 00099152 _____ () C:\Users\Bekir&Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos 
entrümpeln!.lnk 2014-04-14 11:01 - 2013-03-26 00:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 11:01 - 2013-03-26 00:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 11:01 - 2013-03-26 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2014-04-12 08:46 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-12 08:47 - 2013-05-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-11 00:20 - 2013-04-10 13:40 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Spotify 2014-04-10 18:07 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 18:06 - 2009-10-14 07:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 15:58 - 2009-07-14 19:58 - 01169372 _____ () C:\Windows\system32\perfh007.dat 2014-04-10 15:58 - 2009-07-14 19:58 - 00296124 _____ () C:\Windows\system32\perfc007.dat 2014-04-10 15:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-08 14:21 - 2009-07-14 06:45 - 04947952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-07 20:30 - 2014-01-07 17:34 - 00099152 _____ () C:\Users\Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 20:19 - 2014-04-07 
20:20 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:18 - 2014-04-07 20:19 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-05 23:50 - 2013-03-27 03:49 - 00000000 ____D () C:\Windows\Minidump 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 20:01 - 2013-06-10 22:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-04 20:01 - 2013-06-10 22:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-04 15:22 - 2014-04-04 14:46 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 18:13 - 2014-01-14 22:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Local\Akamai 2014-04-03 18:12 - 2013-05-01 19:43 - 00000000 ____D () C:\Users\Schule\AppData\Local\PMB Files 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-03 18:09 - 2013-04-08 15:06 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Skype 2014-04-03 18:01 - 2013-06-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-03 18:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-03 17:58 - 2014-02-07 14:33 - 00000000 ____D () C:\Users\Botan\AppData\Local\Adobe 2014-04-03 17:55 - 2014-01-15 19:47 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Adobe 2014-04-03 09:51 - 2014-04-15 13:13 - 00088280 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-15 13:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-15 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-31 20:55 - 2014-03-30 22:28 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:28 - 2014-03-30 21:54 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 12:17 - 2014-01-18 15:23 - 00000000 ____D () C:\Program Files (x86)\RIFT 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-26 22:36 - 2013-04-11 13:25 - 00000000 ____D () C:\Users\Schule\Desktop\Bilder 2014-03-23 22:43 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-23 14:25 - 2013-11-10 21:39 - 00000000 ____D () C:\download 2014-03-23 14:15 - 2014-03-23 14:13 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-23 05:55 - 2013-10-03 19:32 - 00000062 _____ () C:\Users\Bekir&Botan\Desktop\settings.json 2014-03-21 23:07 - 2014-03-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:02 - 2014-03-20 16:01 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () 
C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:58 - 2014-03-20 15:57 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 15:35 - 2014-03-19 19:02 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 12:02 - 2014-03-20 01:17 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () 
C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:57 - 2013-03-26 04:53 - 00155987 _____ () C:\Windows\DirectX.log 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-19 18:28 - 2014-03-18 20:41 - 00000000 ____D () C:\GameDownload 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 20:25 - 2013-05-27 21:48 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Spotify 2014-03-18 20:24 - 2013-05-27 21:49 - 00000000 ____D () C:\Users\Xebat\AppData\Local\Spotify 2014-03-18 20:21 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:41 - 2013-04-08 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-03-18 18:23 - 2014-01-07 17:34 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Apple Computer 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar Some content of TEMP: ==================== C:\Users\Botan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpszn0rt.dll C:\Users\Xebat\AppData\Local\Temp\bitool.dll ==================== Bamital & volsnap Check 
=================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-10 20:32
==================== End Of Log ============================
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02
Ran by Botan (administrator) on XEBAT-PC on 16-04-2014 21:29:45
Running from C:\Users\Botan\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-15] (AVAST Software) HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd) Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://cn.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCE002826F4BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google 
Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15] Chrome: ======= CHR DefaultSearchKeyword: mysearchdial.com CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR Extension: (Google Docs) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: 
(Google Drive) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Google Search) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15] CHR Extension: (Gmail) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-15] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-15] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] () R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-15] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-15] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; 
C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X] S3 TesSafe; \??\C:\Windows\system32\TesSafe.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:57 - 
00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:52 - 2014-04-15 22:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:28 - 2014-04-15 22:29 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 
2014-04-15 14:09 - 2014-04-16 21:28 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-15 13:14 - 2014-04-16 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-15 13:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-15 13:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:07 - 2014-04-15 13:09 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:31 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00000000 ____D () C:\FRST 2014-04-14 12:29 - 2014-04-16 21:28 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () 
C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 09:11 - 2014-04-15 22:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:05 - 2013-11-14 18:26 - 00000507 _____ () C:\Users\Botan\Desktop\readme.txt 2014-04-13 04:05 - 2013-11-14 18:25 - 00272384 _____ (QuickLoL) C:\Users\Botan\Desktop\QuickLoL Timers.exe 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-12 08:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-12 08:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-12 08:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-12 08:46 - 2014-04-12 08:47 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () 
C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-07 20:20 - 2014-04-07 20:19 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:19 - 2014-04-07 20:18 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-07 19:44 - 2014-04-15 19:46 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 14:46 - 2014-04-04 15:22 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 22:35 - 2014-04-16 15:29 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-30 22:28 - 2014-03-31 20:55 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:11 - 2013-09-29 13:59 - 02407774 ____N () C:\Users\Botan\Desktop\blackmart.apk 2014-03-30 21:54 - 2014-03-30 22:28 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:43 - 2014-04-14 11:48 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-03-30 15:27 - 2014-03-30 15:27 
- 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 15:27 - 2014-03-14 00:08 - 00630757 _____ (3DS Emulator - Pokemon X Y) C:\Users\Botan\Desktop\Pokemon XY + Emulator.exe 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-23 14:13 - 2014-03-23 14:15 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:01 - 2014-03-20 16:02 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:57 - 2014-03-20 15:58 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 12:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-23 22:43 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-20 01:16 - 2014-03-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard 
Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-20 15:35 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:41 - 2014-03-19 18:28 - 00000000 ____D () C:\GameDownload 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 
____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar ==================== One Month Modified Files and Folders ======= 2014-04-16 21:29 - 2014-04-14 12:30 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-16 21:29 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST 2014-04-16 21:28 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-16 21:28 - 2014-04-14 12:29 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-16 21:28 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Spotify 2014-04-16 21:22 - 2014-04-15 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 21:06 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-16 21:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 20:41 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Local\Spotify 2014-04-16 20:40 - 2009-07-14 06:51 - 00081905 _____ () C:\Windows\setupact.log 2014-04-16 20:37 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype 2014-04-16 20:06 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 17:41 - 2013-03-25 23:44 - 01901884 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 15:29 - 2014-04-03 22:35 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-16 
11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 00:33 - 2013-03-26 00:21 - 00202436 _____ () C:\Windows\PFRO.log 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:57 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:53 - 2014-04-15 22:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:29 - 2014-04-15 22:28 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 22:25 - 2014-04-14 09:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-15 22:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-15 19:46 - 2014-04-07 19:44 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-15 17:11 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 2014-04-15 14:11 - 
2014-04-14 12:31 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:09 - 2014-04-15 13:07 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:08 - 2013-06-10 22:13 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-15 13:08 - 2013-03-26 00:11 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-15 13:01 - 2013-06-23 18:59 - 00000000 ____D () C:\ProgramData\InstallMate 2014-04-15 10:50 - 2014-02-07 14:35 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:24 - 2014-01-14 15:49 - 00000000 ____D () C:\Users\Botan\Documents\My RoboForm Data 2014-04-14 12:24 - 2013-06-29 13:50 - 00003976 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-04-14 12:14 - 2014-01-07 17:34 - 00000000 ___RD () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 
____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:48 - 2014-03-30 15:43 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:19 - 2013-10-23 15:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Spotify 2014-04-14 11:19 - 2013-09-30 18:50 - 00099152 _____ () C:\Users\Bekir&Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos 
entrümpeln!.lnk 2014-04-14 11:01 - 2013-03-26 00:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 11:01 - 2013-03-26 00:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 11:01 - 2013-03-26 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2014-04-12 08:46 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-12 08:47 - 2013-05-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-11 00:20 - 2013-04-10 13:40 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Spotify 2014-04-10 18:07 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 18:06 - 2009-10-14 07:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 15:58 - 2009-07-14 19:58 - 01169372 _____ () C:\Windows\system32\perfh007.dat 2014-04-10 15:58 - 2009-07-14 19:58 - 00296124 _____ () C:\Windows\system32\perfc007.dat 2014-04-10 15:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-08 14:21 - 2009-07-14 06:45 - 04947952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-07 20:30 - 2014-01-07 17:34 - 00099152 _____ () C:\Users\Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 20:19 - 2014-04-07 
20:20 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:18 - 2014-04-07 20:19 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-05 23:50 - 2013-03-27 03:49 - 00000000 ____D () C:\Windows\Minidump 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 20:01 - 2013-06-10 22:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-04 20:01 - 2013-06-10 22:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-04 15:22 - 2014-04-04 14:46 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 18:13 - 2014-01-14 22:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Local\Akamai 2014-04-03 18:12 - 2013-05-01 19:43 - 00000000 ____D () C:\Users\Schule\AppData\Local\PMB Files 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-03 18:09 - 2013-04-08 15:06 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Skype 2014-04-03 18:01 - 2013-06-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-03 18:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-03 17:58 - 2014-02-07 14:33 - 00000000 ____D () C:\Users\Botan\AppData\Local\Adobe 2014-04-03 17:55 - 2014-01-15 19:47 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Adobe 2014-04-03 09:51 - 2014-04-15 13:13 - 00088280 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-15 13:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-15 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-31 20:55 - 2014-03-30 22:28 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:28 - 2014-03-30 21:54 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 12:17 - 2014-01-18 15:23 - 00000000 ____D () C:\Program Files (x86)\RIFT 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-26 22:36 - 2013-04-11 13:25 - 00000000 ____D () C:\Users\Schule\Desktop\Bilder 2014-03-23 22:43 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-23 14:25 - 2013-11-10 21:39 - 00000000 ____D () C:\download 2014-03-23 14:15 - 2014-03-23 14:13 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-23 05:55 - 2013-10-03 19:32 - 00000062 _____ () C:\Users\Bekir&Botan\Desktop\settings.json 2014-03-21 23:07 - 2014-03-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:02 - 2014-03-20 16:01 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () 
C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:58 - 2014-03-20 15:57 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 15:35 - 2014-03-19 19:02 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 12:02 - 2014-03-20 01:17 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () 
C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:57 - 2013-03-26 04:53 - 00155987 _____ () C:\Windows\DirectX.log 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-19 18:28 - 2014-03-18 20:41 - 00000000 ____D () C:\GameDownload 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 20:25 - 2013-05-27 21:48 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Spotify 2014-03-18 20:24 - 2013-05-27 21:49 - 00000000 ____D () C:\Users\Xebat\AppData\Local\Spotify 2014-03-18 20:21 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:41 - 2013-04-08 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-03-18 18:23 - 2014-01-07 17:34 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Apple Computer 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar Some content of TEMP: ==================== C:\Users\Botan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpszn0rt.dll C:\Users\Xebat\AppData\Local\Temp\bitool.dll ==================== Bamital & volsnap Check 
=================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-10 20:32
==================== End Of Log ============================
The Avast scan results are attached. Btw, what do I need to know about the program? |
16.04.2014, 20:44 | #10 |
| Poor internet connection, slow computer and PC freezing
What is IE9 and ServicePack1? And yes, the computer is already working noticeably better.
Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2014 Ran by Botan at 2014-04-15 22:23:29 Run:1 Running from C:\Users\Botan\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Online Weather] => C:\Users\Schule\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Windows Defender] => C:\ProgramData\Windows\System32\Windows Defender\Definition Update\windef.exe [313344 2013-07-01] (Windows Defender) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Browser Infrastructure Helper] => C:\Users\Bekir&Botan\AppData\Local\Smartbar\Application\Smartbar.exe startup HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll No File FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File CHR DefaultSearchKeyword: mysearchdial.com CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR Extension: (MySearchDial __MSG_newtab__) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-14] CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION R2 Update PlurPush; C:\Program Files (x86)\PlurPush\updatePlurPush.exe [350488 2014-04-15] () R2 Util PlurPush; C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe [350488 2014-04-15] () R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-30] (StdLib) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION Task: {248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} - 
System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {B1809AF3-F82A-4DB0-9E89-832BB19903CF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe C:\Program Files (x86)\AnyProtectEx C:\Users\Bekir&Botan\AppData\Roaming\newnext.me C:\Users\Schule\AppData\Local\WebPlayer C:\Users\Bekir&Botan\AppData\Local\Smartbar C:\ProgramData\Windows\ C:\Program Files\McAfee Security Scan C:\Program Files (x86)\PlurPush C:\Windows\system32\TesSafe.sys C:\Windows\System32\drivers\wStLibG64.sys C:\Users\Botan\AppData\Local\speedial.crx C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe 2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm 2014-04-03 21:54 - 2014-04-03 21:55 - 07083256 _____ (Welcome to YourFile Downloader!) 
C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe C:\Users\Bekir&Botan\AppData\Local\Temp\*.dll C:\Users\Bekir&Botan\AppData\Local\Temp\*.exe C:\Users\Botan\AppData\Local\Temp\*.dll C:\Users\Botan\AppData\Local\Temp\*.exe C:\Users\Schule\AppData\Local\Temp\*.exe C:\Users\Xebat\AppData\Local\Temp\*.exe C:\Users\Schule\AppData\Local\Temp\*.dll C:\Users\Xebat\AppData\Local\Temp\*.exe ***************** HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Online Weather => Value not found. HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender => Value not found. HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper => Value not found. HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-d5c8-431d-982b-023779779587} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{82249076-d5c8-431d-982b-023779779587} => Key deleted successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => Key deleted successfully. C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll => Moved successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/TXSSO => Key deleted successfully. C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll not found. 
CHR DefaultSearchKeyword: mysearchdial.com ==> The Chrome "Settings" can be used to fix the entry. CHR DefaultSearchProvider: Mysearchdial ==> The Chrome "Settings" can be used to fix the entry. CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= ==> The Chrome "Settings" can be used to fix the entry. C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa => Moved successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa => Key deleted successfully. C:\Users\Botan\AppData\Local\speedial.crx => Moved successfully. HKCU\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa => Key deleted successfully. "C:\Users\Botan\AppData\Local\speedial.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa => Key deleted successfully. "C:\Users\Botan\AppData\Local\speedial.crx" => File/Directory not found. HKLM\SOFTWARE\Policies\Google => Key deleted successfully. Update PlurPush => Unable to stop service Update PlurPush => Service deleted successfully. Util PlurPush => Unable to stop service Util PlurPush => Service deleted successfully. wStLibG64 => Unable to stop service wStLibG64 => Service deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1809AF3-F82A-4DB0-9E89-832BB19903CF} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1809AF3-F82A-4DB0-9E89-832BB19903CF} => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully. C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully. C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully. C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully. "C:\Program Files (x86)\AnyProtectEx" => File/Directory not found. "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me" => File/Directory not found. "C:\Users\Schule\AppData\Local\WebPlayer" => File/Directory not found. "C:\Users\Bekir&Botan\AppData\Local\Smartbar" => File/Directory not found. C:\ProgramData\Windows => Moved successfully. C:\Program Files\McAfee Security Scan => Moved successfully. "C:\Program Files (x86)\PlurPush" directory move: C:\Program Files (x86)\PlurPush\0 => Moved successfully. 
C:\Program Files (x86)\PlurPush\7za.exe => Moved successfully. C:\Program Files (x86)\PlurPush\PlurPush.ico => Moved successfully. C:\Program Files (x86)\PlurPush\PlurPushUninstall.exe => Moved successfully. C:\Program Files (x86)\PlurPush\updatePlurPush.exe => Moved successfully. C:\Program Files (x86)\PlurPush\updatePlurPush.InstallState => Moved successfully. C:\Program Files (x86)\PlurPush\bin\7za.exe => Moved successfully. C:\Program Files (x86)\PlurPush\bin\BrowserAdapterS.7z => Moved successfully. C:\Program Files (x86)\PlurPush\bin\FilterApp_C64.exe => Moved successfully. C:\Program Files (x86)\PlurPush\bin\PlurPush.BrowserAdapter.exe => Moved successfully. C:\Program Files (x86)\PlurPush\bin\PlurPushBA.dll => Moved successfully. C:\Program Files (x86)\PlurPush\bin\PlurPushBAApp.dll => Moved successfully. C:\Program Files (x86)\PlurPush\bin\sqlite3.dll => Moved successfully. C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe => Moved successfully. C:\Program Files (x86)\PlurPush\bin\utilPlurPush.InstallState => Moved successfully. C:\Program Files (x86)\PlurPush\bin\TEMP\mfs560E.tmp => Moved successfully. C:\Program Files (x86)\PlurPush\bin\TEMP\mfs565D.tmp => Moved successfully. C:\Program Files (x86)\PlurPush\bin\TEMP\mfsCCA4.tmp => Moved successfully. C:\Program Files (x86)\PlurPush\bin\TEMP\mfsCCD3.tmp => Moved successfully. C:\Program Files (x86)\PlurPush\bin\TEMP\mfsE519.tmp => Moved successfully. C:\Program Files (x86)\PlurPush\bin\TEMP\mfsE5A6.tmp => Moved successfully. C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.Bromon.dll => Moved successfully. C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.BrowserAdapterS.dll => Moved successfully. C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.CompatibilityChecker.dll => Moved successfully. C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.FFUpdate.dll => Moved successfully. C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.IEUpdate.dll => Moved successfully. 
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.PurBrowseG.dll => Moved successfully. Could not move "C:\Program Files (x86)\PlurPush" directory. => Scheduled to move on reboot. C:\Windows\system32\TesSafe.sys => Moved successfully. C:\Windows\System32\drivers\wStLibG64.sys => Moved successfully. "C:\Users\Botan\AppData\Local\speedial.crx" => File/Directory not found. C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully. C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc => Moved successfully. C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm => Moved successfully. C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm => Moved successfully. C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe => Moved successfully. C:\Users\Bekir&Botan\AppData\Local\Temp\*.dll => Moved successfully. C:\Users\Bekir&Botan\AppData\Local\Temp\*.exe => Moved successfully. C:\Users\Botan\AppData\Local\Temp\*.dll => Moved successfully. C:\Users\Botan\AppData\Local\Temp\*.exe => Moved successfully. C:\Users\Schule\AppData\Local\Temp\*.exe => Moved successfully. C:\Users\Xebat\AppData\Local\Temp\*.exe => Moved successfully. C:\Users\Schule\AppData\Local\Temp\*.dll => Moved successfully. "C:\Users\Xebat\AppData\Local\Temp\*.exe" => File/Directory not found. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-15 22:26:14)<= C:\Program Files (x86)\PlurPush => Moved successfully. ==== End of Fixlog ==== Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=74c472855899634ead891d0739e14949 # engine=17910 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-16 05:18:01 # local_time=2014-04-16 07:18:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=774 16777213 71 76 73575 73615 0 0 # compatibility_mode=5893 16776573 100 94 28068 149298531 0 0 # scanned=366506 # found=30 # cleaned=0 # scan_time=17190 sh=078FB2A3E5DE54C3737A4541242A4725C02C6B9C ft=1 fh=d760d12103e04038 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\MiaggnyiPPic\51c7351647449.dll.vir" sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir" sh=E08EF6298DB507FC55E944040ECBE7B5AA5CAA6A ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_0\contentscript.js.vir" sh=E08EF6298DB507FC55E944040ECBE7B5AA5CAA6A ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_0\contentscript.js.vir" sh=B8A15E2B817C650BB246EE96D859D190BC1E2FF5 ft=1 fh=056d0132ff61be3e vn="MSIL/CoinMiner.CM trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Windows\System32\Windows Defender\Definition Update\windef.exe" sh=4FA174F176A0A3ED0C41BC6A5C54D51FACFB534F ft=1 
fh=9d25dcec7d070c82 vn="MSIL/CoinMiner.CN trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Windows\WindowsUpdate\rundll32.exe" sh=05ED639942CC1E49D422789CE0BAAD7ADD22D1AA ft=0 fh=0000000000000000 vn="MSIL/CoinMiner.CN trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Windows\WindowsUpdate\rundll32.lnk" sh=AF403E1D2C014FEB5B49354DFFE220A4741EAECA ft=1 fh=ebb6a3c55d41b422 vn="Win32/Adware.Lollipop.H application" ac=I fn="C:\FRST\Quarantine\C\Users\Schule\AppData\Local\Temp\instloffer.exe.xBAD" sh=EA94BD6973CE722A1EBBD78554A369281FE1A2DE ft=1 fh=33e0d3904fd705f4 vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\Xebat\AppData\Local\Temp\LyricsPal.exe.xBAD" sh=5348BD561F3AC044DBBDAA4898D6B9D31FBFF595 ft=1 fh=1b226d3a8e8a5ffc vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\Xebat\AppData\Local\Temp\lyricstmp.exe.xBAD" sh=32ADBAC553741526F9F6A537E7A97308D0CD21DF ft=1 fh=08b67f1784dc0558 vn="MSIL/CoinMiner.CN trojan" ac=I fn="C:\ProgramData\AMD\KDB\dwm.exe" sh=32ADBAC553741526F9F6A537E7A97308D0CD21DF ft=1 fh=08b67f1784dc0558 vn="MSIL/CoinMiner.CN trojan" ac=I fn="C:\Users\All Users\AMD\KDB\dwm.exe" sh=3F7B7CF08A07483D45A4F5A0A8C64FEE0CFBE6D1 ft=1 fh=b91e9acba36107fd vn="a variant of Win32/AdWare.SpeedingUpMyPC.G application" ac=I fn="C:\Users\Botan\AppData\Local\Temp\is45637729\1974874_stp.EXE" sh=9D1519C1A54ECB8A55339A5DB040C9CE9C869032 ft=1 fh=21c482d32e956120 vn="a variant of Win32/Injector.AWKK trojan" ac=I fn="C:\Users\Schule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EN1OLNNN\viewtopic[1].php" sh=49462750C925D892DAB3D690C55CACFBA3ED1894 ft=0 fh=0000000000000000 vn="JS/Kryptik.APU trojan" ac=I fn="C:\Users\Schule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YGXC6DSW\technical[1].htm" sh=9D1519C1A54ECB8A55339A5DB040C9CE9C869032 ft=1 fh=21c482d32e956120 vn="a variant of Win32/Injector.AWKK trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\Low\bvtray.exe" 
sh=E847ABD49144BD4608A580B8D74BA9C7AE0F55BC ft=1 fh=172864099d2e4610 vn="Win32/Agent.UJJ trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmp306f3a4c\23.exe" sh=BE00A8B0019A19D3B640ABBE3AE9718BB0A9AA45 ft=1 fh=dae9711f88cacd10 vn="a variant of Win32/Kryptik.BAXK trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmp466a6cbe\33.exe" sh=840FF4A02F82179E23CB1F6DE757CFCE47630003 ft=1 fh=bae0c0a9721e5188 vn="a variant of Win32/Kryptik.BGBE trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmp7922a78e\ut.exe" sh=840FF4A02F82179E23CB1F6DE757CFCE47630003 ft=1 fh=bae0c0a9721e5188 vn="a variant of Win32/Kryptik.BGBE trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmp7f8588c3\ut.exe" sh=7630F581221888E622E479C3C4BD446ECAF5A186 ft=1 fh=c101aa4c58d2b03c vn="a variant of Win32/Kryptik.BAOX trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmpb7fbfa3c\13.exe" sh=AB289788E1B0BB9BB2D60DA086D61B4F631CAA02 ft=1 fh=41148c1388e53a23 vn="a variant of Win32/Kryptik.BAQL trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmpc30cfb44\89.exe" sh=82BEEA0B3EAF75F1BBF65FBBABF399A97EEE6D55 ft=1 fh=c3a5cb272dbdf656 vn="a variant of Win32/Kryptik.BBAM trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmpd1a23059\34.exe" sh=0ED353B6D858579DA60611D8B9033230282619E8 ft=1 fh=0e94236bc9e531e0 vn="a variant of Win32/Kryptik.BGBE trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmpeb897682\14.exe" sh=445A281D8236F06974CA5455B98A5FDD392A270E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.O trojan" ac=I fn="C:\Users\Schule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\7f5abc86-7bae5ff1" sh=436A37E289E55E56F61485E5E248D6F7246221A1 ft=1 fh=f9136369f620230b vn="a variant of Generik.MVICHXB trojan" ac=I fn="C:\Users\Schule\Desktop\Botan\Spam-Bot (Vista & 7).dll" sh=8E95552B10748C10CEB5EB9C79AA07B05F5852BC ft=1 fh=f91363691ff201c1 vn="a variant of Generik.EUNPGRH trojan" ac=I fn="C:\Users\Schule\Desktop\Botan\Spam-Bot (XP).dll" 
sh=E508ACD8F97A24F734F8CE8BA685BCBA296E5C7D ft=1 fh=858fb24a9fdda1dc vn="multiple threats" ac=I fn="C:\Users\Schule\Desktop\Botan\Tools by Unpublished.exe" sh=23B4190248082916EB94D0304A9231BAB4498BE8 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Users\Xebat\AppData\Local\Temp\che2FC9.tmp" sh=8781D2528360A4FD04D256B9B752F64BB6B31358 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Users\Xebat\AppData\Local\Temp\che596B.tmp" |
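One way to triage an ESET online scan log like the one posted above, as an added example that is not part of the thread and not code from ESET or FRST: it splits detections into copies already in a tool quarantine, files in temp or cache folders, and files still live on disk. The field meanings (`sh` as file hash, `vn` as detection name, `fn` as path), the three bucket names and all sample records are assumptions made for this example.

```python
import re
from collections import defaultdict

# One record as it appears in the log. finditer() copes with the log being
# flattened onto a few long lines, as it is in the post above.
RECORD = re.compile(
    r'sh=(?P<sh>[0-9A-F]{40})\s+ft=(?P<ft>\d)\s+fh=(?P<fh>[0-9A-F]{16})\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\w)\s+fn="(?P<fn>[^"]*)"',
    re.IGNORECASE,
)

# Folders the cleanup tools in this thread move files into (lower-cased).
QUARANTINE = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")
# Locations a temp-file cleaner or cache purge empties (assumed list).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\",
                "\\java\\deployment\\cache\\")


def normalise(path):
    """Lower-case the path and fold the 'All Users' link onto ProgramData."""
    p = path.lower()
    alias = "c:\\users\\all users\\"  # link to C:\ProgramData on Vista and later
    return "c:\\programdata\\" + p[len(alias):] if p.startswith(alias) else p


def bucket(path):
    """Classify one detection path as 'quarantined', 'temp' or 'live'."""
    p = normalise(path)
    if p.startswith(QUARANTINE):
        return "quarantined"
    if any(marker in p for marker in TEMP_MARKERS):
        return "temp"
    return "live"


def triage(log_text):
    """Return {bucket: sorted [(path, detection)]}, merging link duplicates."""
    seen, out = set(), defaultdict(list)
    for m in RECORD.finditer(log_text):
        key = (m["sh"].upper(), normalise(m["fn"]))
        if key in seen:  # same file reported twice via the All Users link
            continue
        seen.add(key)
        out[bucket(m["fn"])].append((m["fn"], m["vn"]))
    return {name: sorted(items) for name, items in out.items()}


def _rec(digit, vn, fn):
    """Build one constructed record; the hash is a placeholder, not a real value."""
    return f'sh={digit * 40} ft=1 fh={"0" * 16} vn="{vn}" ac=I fn="{fn}"'


# Constructed sample input: placeholder hashes and made-up paths.
SAMPLE = " ".join([
    "# scanned=1000 # found=5 # cleaned=0",
    _rec("A", "MSIL/CoinMiner.CN trojan", r"C:\ProgramData\Vendor\svc.exe"),
    _rec("A", "MSIL/CoinMiner.CN trojan", r"C:\Users\All Users\Vendor\svc.exe"),
    _rec("B", "Win32/Adware.AddLyrics.F application",
         r"C:\FRST\Quarantine\C\Users\alice\AppData\Local\Temp\x.exe.xBAD"),
    _rec("C", "a variant of Win32/Kryptik.BGBE trojan",
         r"C:\Users\alice\AppData\Local\Temp\tmp1\ut.exe"),
    _rec("D", "multiple threats", r"C:\Users\alice\Desktop\tools.exe"),
])

if __name__ == "__main__":
    for name, items in triage(SAMPLE).items():
        print(name, *[f"\n  {path}  [{vn}]" for path, vn in items])
```

Only the "live" bucket needs an explicit removal step; quarantined copies go away when the cleanup tools are removed, and temp entries when the temp folders are emptied.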
17.04.2014, 22:27 | #11 | ||
Rest in peace † 2019 | Poor internet connection, slow computer and PC freezing Hello bekirikus, Quote:
A service pack is a maintenance package for Windows; it brings the operating system up to date, closes security holes and fixes bugs. It is very important that both are up to date. Quote:
Step 1 Please have Avast delete its findings. Step 2 Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Step 3 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
C:\Users\Schule\Desktop\Botan\Spam-Bot (XP).dll
C:\Users\Schule\Desktop\Botan\Spam-Bot (Vista & 7).dll
C:\Users\Schule\Desktop\Botan\Tools by Unpublished.exe
C:\ProgramData\AMD\KDB\dwm.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|
17.04.2014, 23:28 | #12 |
| Poor internet connection, slow computer and PC freezing I mean regarding the antivirus program AVAST. What should I know about it? Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 02
Ran by Botan at 2014-04-18 00:27:37 Run:2
Running from C:\Users\Botan\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Schule\Desktop\Botan\Spam-Bot (XP).dll
C:\Users\Schule\Desktop\Botan\Spam-Bot (Vista & 7).dll
C:\Users\Schule\Desktop\Botan\Tools by Unpublished.exe
C:\ProgramData\AMD\KDB\dwm.exe
*****************
C:\Users\Schule\Desktop\Botan\Spam-Bot (XP).dll => Moved successfully.
C:\Users\Schule\Desktop\Botan\Spam-Bot (Vista & 7).dll => Moved successfully.
C:\Users\Schule\Desktop\Botan\Tools by Unpublished.exe => Moved successfully.
C:\ProgramData\AMD\KDB\dwm.exe => Moved successfully.
==== End of Fixlog ====
|
20.04.2014, 00:15 | #13 | |
Rest in peace † 2019 | Poor internet connection, slow computer and PC freezing Quote:
You also deleted Avast's findings? >OK< As far as I can see, we have now removed everything harmful. Your logs are clean. Finally, we will tidy up a little, install updates, and then you will get some reading material from me. Step 1 If you no longer need the ESET online scan, you can simply uninstall it via the program uninstaller. Step 2 Please download delfix to your desktop.
If there are still tools from the cleanup on your PC, you can safely delete them yourself. Updates / updating programs
Java is a big security hole on your system; new vulnerabilities are discovered again and again and exploited to infect computers. Unless you absolutely need Java, you should uninstall it completely. Windows XP Go to: Start --> Control Panel --> Add or Remove Programs --> select the Java versions --> remove Windows Vista Go to: Start --> Control Panel --> Programs --> Uninstall a program --> find the Java versions --> remove Windows 7 Go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the Java versions --> remove Windows 8 Press: Windows key and X, then: Programs and Features --> select the Java versions --> remove If you do absolutely need Java, then
and make sure that Java updates automatically. To do so:
Here you will find instructions for this. Finally, a few tips for securing your system. Keeping the system up to date It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
Antivirus software
Additional protection
Alternative browsers Other browsers tend to be somewhat more secure than Internet Explorer because they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance Delete your temporary files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they speed it up. Rules of conduct for safer surfing
All that remains is for me to wish you lots of fun surfing safely. Note: Please give me brief feedback when everything is done and there are no more questions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something to the forum and our work, you can do so here. |
21.04.2014, 11:11 | #14 |
| Poor internet connection, slow computer and PC freezing When I try to install SP1, the following error message appears after some time: ERROR_SXS_ASSEMBLY_MISSING (0x80073701) Does that mean I should install the 36 other updates first? |
21.04.2014, 20:14 | #15 |
Rest in peace † 2019 | Poor internet connection, slow computer and PC freezing No, it means that you are missing an important system folder. Is the Ultimate legal?
|