Avira: (Win7) Trojan "TR/Rogue.11186992" found in "C:\Windows\Temp\44158_updater.exe"
Windows 7
20.04.2014, 00:10 | #1
Hello dear community. Now it has caught me too. According to Avira, I have picked up a trojan. How that could have happened is unclear to me, but that doesn't help now. The trojan reported is "TR/Rogue.11186992" in "C:\Windows\Temp\44158_updater.exe". I have already moved it to quarantine with Avira and also deleted it. After that, a complete system scan found nothing. But after the next restart Avira reported it again right away; the exact same file is causing trouble again. That has not changed so far. Before I take any further steps, I am first looking for advice here. I hope someone here can help me. Regards, Marc

FRST log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Marc (administrator) on MARC-PC on 20-04-2014 00:29:55
Running from C:\Users\Marc\Desktop\reinigung
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
- 00000000 ____D () C:\Users\Marc\AppData\Local\Ubisoft 2014-04-14 15:50 - 2014-04-14 15:50 - 00000703 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk 2014-04-14 15:49 - 2014-04-14 15:49 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Guild Wars 2 2014-04-09 19:16 - 2014-04-09 19:16 - 00000000 ____D () C:\Users\Marc\AppData\Local\Quadriga Games 2014-04-09 18:11 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 18:11 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 18:11 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 18:11 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 18:11 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 18:11 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 18:11 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 18:11 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 18:11 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 18:11 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 18:11 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 18:11 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 18:11 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 18:11 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 18:11 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\system32\iologmsg.dll 2014-04-09 18:11 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 18:11 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-07 23:28 - 2014-04-07 23:28 - 00048482 _____ () C:\Users\Marc\Desktop\IRC_Chat_2.4.jar 2014-04-07 22:10 - 2014-04-07 22:10 - 00000000 ____D () C:\Users\Marc\.jmc 2014-04-07 22:10 - 2014-04-07 22:10 - 00000000 ____D () C:\Users\Marc\.eclipse 2014-04-07 22:09 - 2014-04-07 22:09 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-07 22:09 - 2014-04-07 22:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-07 22:09 - 2014-04-07 22:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-07 22:09 - 2014-04-07 22:09 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-07 22:09 - 2014-04-07 22:09 - 00000000 ____D () C:\Program Files\Java 2014-04-06 13:12 - 2014-04-06 13:12 - 16618768 _____ (Philipp Schmieder Medien ) C:\Users\Marc\Downloads\clipgrab-3.4.3.exe 2014-04-06 13:12 - 2014-04-06 13:12 - 00000655 _____ () C:\Users\Public\Desktop\ClipGrab.lnk 2014-04-06 01:05 - 2014-04-06 01:15 - 00271943 _____ () C:\Users\Marc\Desktop\Wuerfel_Stochastik.jar 2014-04-06 00:31 - 2014-04-06 00:31 - 00000224 _____ () C:\Users\Marc\Desktop\▶ Bastille - Pompeii (Audien Remix) - YouTube.URL 2014-04-02 15:41 - 2014-04-02 15:42 - 00000000 ____D () C:\Users\Marc\Documents\schule 2014-03-29 20:46 - 2014-03-29 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-22 16:18 - 2014-03-22 16:18 - 00001757 _____ () C:\Users\Marc\Desktop\SparkIV - Verknüpfung.lnk 2014-03-22 15:17 - 2014-03-22 15:17 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-22 15:17 - 2014-03-22 15:17 - 00000000 ____D () C:\Users\Marc\AppData\Local\Skype ==================== One Month Modified Files and Folders ======= 
2014-04-20 00:29 - 2014-04-20 00:29 - 00000000 ____D () C:\FRST 2014-04-20 00:29 - 2014-04-20 00:28 - 00000000 ____D () C:\Users\Marc\Desktop\reinigung 2014-04-20 00:27 - 2014-04-20 00:27 - 00000540 _____ () C:\Users\Marc\Desktop\defogger_disable.log 2014-04-20 00:27 - 2014-04-20 00:27 - 00000144 _____ () C:\Users\Marc\defogger_reenable 2014-04-20 00:27 - 2012-12-25 23:03 - 00000000 ____D () C:\Users\Marc 2014-04-20 00:17 - 2013-10-03 19:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-20 00:16 - 2012-12-26 00:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-19 23:59 - 2012-12-26 01:28 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Spotify 2014-04-19 23:50 - 2014-04-19 23:50 - 00000000 ____D () C:\AdwCleaner 2014-04-19 23:49 - 2009-07-14 06:45 - 00015664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-19 23:49 - 2009-07-14 06:45 - 00015664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-19 23:48 - 2009-07-14 19:58 - 00702348 _____ () C:\Windows\system32\perfh007.dat 2014-04-19 23:48 - 2009-07-14 19:58 - 00150746 _____ () C:\Windows\system32\perfc007.dat 2014-04-19 23:48 - 2009-07-14 07:13 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-19 23:47 - 2012-12-25 23:03 - 01768460 _____ () C:\Windows\WindowsUpdate.log 2014-04-19 23:44 - 2013-10-30 04:58 - 00001884 _____ () C:\Windows\Tasks\LyricsSay-16-firefoxinstaller.job 2014-04-19 23:44 - 2013-10-30 04:58 - 00001344 _____ () C:\Windows\Tasks\LyricsSay-16-updater.job 2014-04-19 23:44 - 2013-10-30 04:58 - 00001250 _____ () C:\Windows\Tasks\LyricsSay-16-codedownloader.job 2014-04-19 23:44 - 2013-10-30 04:58 - 00001150 _____ () C:\Windows\Tasks\LyricsSay-16-enabler.job 2014-04-19 23:44 - 2013-10-03 19:51 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-19 23:44 - 2012-12-26 20:02 
- 00000000 ____D () C:\Users\Marc\AppData\Local\LogMeIn Hamachi 2014-04-19 23:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-19 23:43 - 2009-07-14 06:51 - 00139734 _____ () C:\Windows\setupact.log 2014-04-19 23:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-19 22:39 - 2013-02-14 20:33 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-518990529-3378362674-2877809929-1000UA.job 2014-04-19 19:39 - 2013-02-14 20:33 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-518990529-3378362674-2877809929-1000Core.job 2014-04-18 22:41 - 2013-09-08 17:53 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Audacity 2014-04-18 11:46 - 2013-01-13 21:49 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-04-18 11:46 - 2012-12-26 22:21 - 00303510 _____ () C:\Windows\PFRO.log 2014-04-18 00:04 - 2012-12-26 00:46 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Skype 2014-04-17 20:33 - 2012-12-28 01:28 - 00000000 ____D () C:\ProgramData\Origin 2014-04-17 18:49 - 2012-12-26 17:57 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-04-17 18:40 - 2012-12-26 17:57 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-04-17 18:36 - 2014-04-17 18:36 - 03822704 _____ () C:\Users\Marc\Desktop\battlelog-web-plugins_2.3.2_133.exe 2014-04-17 18:32 - 2013-10-04 19:40 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-17 18:32 - 2012-12-26 17:57 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-04-17 18:31 - 2012-12-26 01:59 - 00358482 _____ () C:\Windows\DirectX.log 2014-04-17 17:39 - 2012-12-28 01:29 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Origin 2014-04-17 17:28 - 2014-04-17 17:28 - 00000087 _____ () C:\Users\Marc\Desktop\ergebnis.txt 2014-04-17 15:51 - 2012-12-26 17:58 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-04-17 14:41 - 2013-02-23 00:03 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\TS3Client 2014-04-16 23:47 - 2014-04-16 23:47 - 
00000000 ____D () C:\Crash 2014-04-16 23:24 - 2014-04-16 23:24 - 00000000 ____D () C:\Users\Marc\AppData\Local\SCE 2014-04-16 22:05 - 2012-12-26 17:58 - 00000000 ____D () C:\Users\Marc\AppData\Local\PunkBuster 2014-04-16 22:04 - 2014-04-16 22:04 - 00000000 ____D () C:\Users\Marc\AppData\Local\Ubisoft 2014-04-16 21:56 - 2013-05-04 13:35 - 00000000 ____D () C:\Users\Marc\AppData\Local\Warframe 2014-04-16 15:53 - 2013-10-12 13:14 - 00000000 ____D () C:\Users\Marc\AppData\Local\Paint.NET 2014-04-16 15:47 - 2013-10-13 14:49 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\.minecraft 2014-04-16 10:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-15 20:45 - 2013-02-25 21:39 - 00000000 ____D () C:\Users\Marc\AppData\Local\ArmA 2 OA 2014-04-14 21:48 - 2012-12-26 01:28 - 00000000 ____D () C:\Users\Marc\AppData\Local\Spotify 2014-04-14 15:50 - 2014-04-14 15:50 - 00000703 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk 2014-04-14 15:50 - 2013-11-14 00:02 - 00000000 ____D () C:\Users\Marc\Desktop\Spiele 2014-04-14 15:49 - 2014-04-14 15:49 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Guild Wars 2 2014-04-10 21:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-09 23:24 - 2013-08-19 14:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 23:23 - 2012-12-26 00:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-09 19:16 - 2014-04-09 19:16 - 00000000 ____D () C:\Users\Marc\AppData\Local\Quadriga Games 2014-04-08 23:33 - 2013-10-21 19:17 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\quassel-irc.org 2014-04-08 18:50 - 2013-08-31 14:39 - 00000000 ____D () C:\freigabe 2014-04-07 23:28 - 2014-04-07 23:28 - 00048482 _____ () C:\Users\Marc\Desktop\IRC_Chat_2.4.jar 2014-04-07 22:10 - 2014-04-07 22:10 - 00000000 ____D () C:\Users\Marc\.jmc 2014-04-07 22:10 - 2014-04-07 22:10 - 00000000 ____D () C:\Users\Marc\.eclipse 2014-04-07 22:09 - 2014-04-07 22:09 - 00312744 _____ (Oracle Corporation) 
C:\Windows\system32\javaws.exe 2014-04-07 22:09 - 2014-04-07 22:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-07 22:09 - 2014-04-07 22:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-07 22:09 - 2014-04-07 22:09 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-07 22:09 - 2014-04-07 22:09 - 00000000 ____D () C:\Program Files\Java 2014-04-07 22:09 - 2013-09-28 16:01 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-07 18:36 - 2013-12-30 20:27 - 02401074 _____ () C:\Users\Marc\Desktop\launcher^FTB_Launcher.exe 2014-04-07 18:36 - 2012-12-26 17:09 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\ftblauncher 2014-04-06 13:12 - 2014-04-06 13:12 - 16618768 _____ (Philipp Schmieder Medien ) C:\Users\Marc\Downloads\clipgrab-3.4.3.exe 2014-04-06 13:12 - 2014-04-06 13:12 - 00000655 _____ () C:\Users\Public\Desktop\ClipGrab.lnk 2014-04-06 01:19 - 2012-12-26 01:27 - 00007597 _____ () C:\Users\Marc\AppData\Local\Resmon.ResmonCfg 2014-04-06 01:15 - 2014-04-06 01:05 - 00271943 _____ () C:\Users\Marc\Desktop\Wuerfel_Stochastik.jar 2014-04-06 00:31 - 2014-04-06 00:31 - 00000224 _____ () C:\Users\Marc\Desktop\▶ Bastille - Pompeii (Audien Remix) - YouTube.URL 2014-04-02 15:42 - 2014-04-02 15:41 - 00000000 ____D () C:\Users\Marc\Documents\schule 2014-04-02 12:38 - 2013-11-14 00:01 - 00000000 ____D () C:\Users\Marc\Desktop\misc 2014-04-02 12:37 - 2013-06-18 13:51 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\vlc 2014-03-31 18:30 - 2013-10-31 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-31 09:35 - 2012-12-25 23:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-29 20:46 - 2014-03-29 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 20:12 - 2013-10-03 19:51 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-29 20:12 - 2013-10-03 19:51 - 00003850 _____ 
() C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-22 16:18 - 2014-03-22 16:18 - 00001757 _____ () C:\Users\Marc\Desktop\SparkIV - Verknüpfung.lnk 2014-03-22 15:17 - 2014-03-22 15:17 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-22 15:17 - 2014-03-22 15:17 - 00000000 ____D () C:\Users\Marc\AppData\Local\Skype 2014-03-22 15:17 - 2012-12-26 00:46 - 00000000 ____D () C:\ProgramData\Skype Files to move or delete: ==================== C:\Users\Marc\AppData\Roaming\CamLayout.ini C:\Users\Marc\AppData\Roaming\CamShapes.ini Some content of TEMP: ==================== C:\Users\Marc\AppData\Local\Temp\AutoRun.exe C:\Users\Marc\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Marc\AppData\Local\Temp\avgnt.exe C:\Users\Marc\AppData\Local\Temp\drm_dyndata_7380014.dll C:\Users\Marc\AppData\Local\Temp\drm_dyndata_7410004.dll C:\Users\Marc\AppData\Local\Temp\Gw2.exe C:\Users\Marc\AppData\Local\Temp\npp.6.5.2.Installer.exe C:\Users\Marc\AppData\Local\Temp\sonarinst.exe C:\Users\Marc\AppData\Local\Temp\xmlUpdater.exe C:\Users\test\AppData\Local\Temp\avgnt.exe C:\Users\test.Marc-PC\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-19 01:36 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2014 Ran by Marc at 2014-04-20 00:30:10 Running from C:\Users\Marc\Desktop\reinigung Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29038 - BitTorrent Inc.) 18 WoS Extreme Trucker 2 (v.1.0) (HKLM-x32\...\18 WoS Extreme Trucker 2) (Version: 1.0 - SCS Software) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) 
Hidden ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) ARMA 2: British Armed Forces - Data cache removal (HKLM-x32\...\A2BAF Data cache removal) (Version: - ) Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version: - ) ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version: - ) Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version: - Bohemia Interactive) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology) Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team) Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0 - shockingsoft.com) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.5.0.0 - Electronic Arts) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts) Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web 
Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.) Blur (HKLM-x32\...\Steam App 42640) (Version: - Bizarre Creations) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch) Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - ) Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - ) Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version: - Infinity Ward) CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source) CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source) Canon MP Navigator 2.0 (HKLM-x32\...\MP Navigator 2.0) (Version: - ) Canon MP500 (HKLM\...\{BA4DF4C3-196E-4128-969A-00996B5A46F8}) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) ClipGrab 3.4.3 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - ) CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DayZ Commander (HKLM-x32\...\{6E19AEFD-7F83-4563-A7B5-F61CABF02400}) (Version: 0.91.4 - Dotjosh Studios) Defiance (HKLM-x32\...\Steam App 224600) (Version: - ) DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.) 
DiRT (HKLM-x32\...\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}) (Version: 1.00.0000 - Codemasters) Emergency 2014 (HKLM-x32\...\Steam App 260930) (Version: - Promotion Software) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) Far Cry (HKLM-x32\...\Steam App 13520) (Version: - Crytek) Far Cry (Patch 1.4) (x32 Version: 1.00.0000 - Ubisoft) Hidden Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version: - Ubisoft Montreal) Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft) Farming Simulator 2013 (HKLM-x32\...\Steam App 220260) (Version: - Giants Software) FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser) FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time) Fraps (HKLM-x32\...\Fraps) (Version: - ) Geeks3D.com FurMark 1.10.3 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com) GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.51.0 - International GeoGebra Institute) GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team) GitHub (HKCU\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Hacker Evolution - Untold (HKLM-x32\...\Steam App 70110) (Version: - exosyphen studios) Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft) Infestation Survivor Stories version 1.0 (HKLM-x32\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: 1.0 - OP Productions LLC) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1124 - Intel Corporation) Intel(R) Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel) Intel(R) Network Connections 16.6.126.0 (Version: 16.6.126.0 - Intel) Hidden Intel(R) Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.0.0.2003 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION ISOBURN 2.0 (HKLM-x32\...\ISOBURN) (Version: 2.0 - Dirk Paehl) iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle) join.me (HKCU\...\JoinMe) (Version: 1.13.1.118 - LogMeIn, Inc.) 
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios) Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LCPD First Response (HKLM-x32\...\{42EFAA60-123F-4877-A11A-A7D02F9C6703}) (Version: 1.0 - G17 Media) LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0b - G17 Media) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Lego Indiana Jones 2 (HKLM-x32\...\Steam App 32450) (Version: - ) LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead) LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere) Livestreamer 1.4.5 (HKLM-x32\...\Livestreamer) (Version: - ) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.109 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) 
Hidden LuaEdit 2010 (x86 - 3.0.10.0) (HKLM-x32\...\LuaEdit 2010_is1) (Version: - Open Source) LyricsSay-16 (HKLM-x32\...\LyricsSay-16) (Version: 1.29.153.3 - Chartread32-vis) <==== ATTENTION Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech) Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts) Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - THQ) Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}) (Version: 10.0.60905 - Microsoft Game Studios) Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft 
Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.5 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OMSI - Der Omnibussimulator (HKLM-x32\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.04 - aerosoft)
OMSI Addon Manager Version 1.2.4 (HKLM-x32\...\{32B08666-1587-435D-988C-7958A04B218A}_is1) (Version: 1.2.4 - Jan Kiesewalter)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PEVSoft AssetX (HKLM-x32\...\PEVAssetX) (Version: - AJS and PEV)
PEVSoft AttachmentMaker (HKLM-x32\...\PEVattachmentmaker) (Version: - )
PEVSoft PM2IM 2 (HKLM-x32\...\PEVpm2im) (Version: 2.04 - PEVSoft)
PEVSoft Trainz Mesh Viewer 2 (HKLM-x32\...\PEVMesh_Viewer2) (Version: 2.25 - PEVSoft)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap)
Project Zomboid Demo (HKLM-x32\...\Steam App 264910) (Version: - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Quassel (remove only) (HKLM-x32\...\Quassel) (Version: 0.9.1 - KDE)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6499 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
RW_Tools V4 (HKCU\...\RW_Tools V4) (Version: - )
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version: - )
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SL-6640 Black Widow Flightstick (HKLM-x32\...\InstallShield_{10D4F38B-5436-4673-B861-F301929B373B}) (Version: 3.1 - Joellenbeck GmbH)
SL-6640 Black Widow Flightstick (x32 Version: 3.1 - Joellenbeck GmbH) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\{FAB9454C-6A8D-4031-9652-8B1B1D561456}) (Version: 6.0.7.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - )
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version: - Galactic Cafe)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore)
Tom Clancy's Splinter Cell: Double Agent (HKLM-x32\...\Steam App 13580) (Version: - Ubisoft Montreal)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Train Simulator 2013 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)
Trainz Simulator 12 (HKLM-x32\...\Steam App 24670) (Version: - )
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version: - RedLynx and Ubisoft Shanghai)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
War Thunder Launcher 1.0.1.143 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2012 Gaijin Entertainment Corporation)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
Windows 7 Codec Pack 4.0.8 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.8 - Windows 7 Codec Pack)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
XMedia Recode Version 3.1.7.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.6 - XMedia Recode)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points =========================

16-04-2014 20:04:06 DirectX wurde installiert
16-04-2014 21:24:12 DirectX wurde installiert
17-04-2014 15:52:08 DirectX wurde installiert
17-04-2014 16:31:40 DirectX wurde installiert
17-04-2014 16:32:06 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
17-04-2014 16:32:10 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
17-04-2014 16:32:18 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
17-04-2014 16:32:26 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
19-04-2014 17:29:40 Windows Update
19-04-2014 21:54:28 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0542CB0C-1AA1-4A93-842E-1CDB7B8F0199} - System32\Tasks\LyricsSay-16-firefoxinstaller => C:\Program Files (x86)\LyricsSay-16\LyricsSay-16-firefoxinstaller.exe [2013-10-30] (Chartread32-vis) <==== ATTENTION
Task: {44B69033-AE42-499F-8080-5EF29ADFB740} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {49BC59A8-5FB8-4E5A-A36C-096532F0B89E} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {520837FA-40F6-4CFD-9FF5-D6B1034357E6} - System32\Tasks\AutoBackup => C:\Program Files\backup.bat [2013-12-11] ()
Task: {62CE35F6-0CC7-4538-9562-49049F62F4B1} - System32\Tasks\Sapphire TRIXX => C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe [2012-04-19] ()
Task: {6C7010BA-BD8F-4CC5-A7B2-1BBCAC9C6413} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {82307622-6F2A-472D-B5E3-338E73681A51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03] (Google Inc.)
Task: {872C7149-D598-492F-B3B7-CDCD4408820E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-518990529-3378362674-2877809929-1000UA => C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-14] (Facebook Inc.)
Task: {93FB098A-F708-4EE1-93DD-1336192B3171} - System32\Tasks\{C4B790EB-DB8A-4748-B96C-BA5B38675370} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {9A4E0747-7131-41FE-8A12-23AC8AF811A7} - System32\Tasks\LyricsSay-16-enabler => C:\Program Files (x86)\LyricsSay-16\LyricsSay-16-enabler.exe [2013-10-30] (Chartread32-vis) <==== ATTENTION
Task: {A71ECD94-7E2D-4FE6-A984-6D6C04E96337} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03] (Google Inc.)
Task: {C29FA58C-4535-4E53-B49A-91AD927AEA81} - System32\Tasks\LyricsSay-16-updater => C:\Program Files (x86)\LyricsSay-16\LyricsSay-16-updater.exe [2013-10-30] (Chartread32-vis) <==== ATTENTION
Task: {CBE3B997-58AA-425B-BAC5-F6BACD46F7C3} - System32\Tasks\{FD3A7C76-7002-4E7F-8EF2-C6843DB9E6BA} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {E59DAA59-7DBE-4EE9-A08C-466F7CBC591A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-518990529-3378362674-2877809929-1000Core => C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-14] (Facebook Inc.)
Task: {F20BC092-3FAE-477B-B6DC-110FA769232B} - System32\Tasks\LyricsSay-16-codedownloader => C:\Program Files (x86)\LyricsSay-16\LyricsSay-16-codedownloader.exe [2013-10-30] (Chartread32-vis) <==== ATTENTION
Task: {FCCFEB21-C2F9-40B3-A36B-CC63F31587DD} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-518990529-3378362674-2877809929-1000Core.job => C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-518990529-3378362674-2877809929-1000UA.job => C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LyricsSay-16-codedownloader.job => C:\Program Files (x86)\LyricsSay-16\LyricsSay-16-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\LyricsSay-16-enabler.job => C:\Program Files (x86)\LyricsSay-16\LyricsSay-16-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\LyricsSay-16-firefoxinstaller.job => C:\Program Files (x86)\LyricsSay-16\LyricsSay-16-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\LyricsSay-16-updater.job => C:\Program Files (x86)\LyricsSay-16\LyricsSay-16-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-01-18 20:57 - 2013-01-18 20:57 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-12-26 17:57 - 2014-04-17 18:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-19 17:46 - 2012-04-19 17:46 - 05479768 _____ () C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
2012-01-10 15:41 - 2013-10-30 04:57 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2013-08-29 21:36 - 2013-08-29 21:36 - 00048200 _____ () C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
2013-10-08 14:41 - 2014-04-12 14:52 - 00602680 _____ () C:\Users\Marc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-01-05 21:20 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-18 20:57 - 2014-04-19 23:43 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-01-18 20:57 - 2013-01-18 20:56 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-09-15 13:55 - 2012-05-17 18:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2013-09-15 13:55 - 2012-07-05 12:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2013-09-15 13:54 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-09-15 13:54 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-09-15 13:54 - 2012-03-21 12:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-09-15 13:55 - 2012-07-20 09:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2013-09-15 13:54 - 2012-05-25 10:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-09-15 13:54 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-09-15 13:54 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-09-15 13:54 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-09-15 13:54 - 2011-10-14 20:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-01-18 20:57 - 2013-01-18 20:56 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-09-15 13:54 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2013-09-15 13:54 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2014-03-29 20:46 - 2014-03-29 20:46 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-12-26 01:28 - 2014-04-12 14:52 - 36966968 _____ () C:\Users\Marc\AppData\Roaming\Spotify\Data\libcef.dll
2014-03-12 20:16 - 2014-03-12 20:16 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-10-08 14:41 - 2014-04-12 14:52 - 00886840 _____ () C:\Users\Marc\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-10-08 14:41 - 2014-04-12 14:52 - 00108600 _____ () C:\Users\Marc\AppData\Roaming\Spotify\Data\libegl.dll
2014-02-13 12:19 - 2014-02-13 12:19 - 00019968 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PSIClient\6a5120ce0c299eaf7fb32169b254822c\PSIClient.ni.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Windows7FirewallService => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => "E:\Utility\Itunes\iTunesHelper.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: ROC_roc_ssl_v12 => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: Windows7FirewallControl => C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 11:43:43 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/19/2014 07:14:18 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/19/2014 03:53:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GTAIV.exe, Version: 1.0.7.0, Zeitstempel: 0x4bd9efbe
Name des fehlerhaften Moduls: GTAIV.exe, Version: 1.0.7.0, Zeitstempel: 0x4bd9efbe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001a9346
ID des fehlerhaften Prozesses: 0xcf0
Startzeit der fehlerhaften Anwendung: 0xGTAIV.exe0
Pfad der fehlerhaften Anwendung: GTAIV.exe1
Pfad des fehlerhaften Moduls: GTAIV.exe2
Berichtskennung: GTAIV.exe3

Error: (04/19/2014 01:12:24 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/18/2014 01:27:56 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/18/2014 11:46:52 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/17/2014 10:35:24 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/16/2014 09:28:43 PM) (Source: Application Hang) (User: )
Description: Programm TESV.exe, Version 1.9.32.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 75c
Startzeit: 01cf59a9b526534e
Endzeit: 40
Anwendungspfad: E:\Utility\Steam\steamapps\common\Skyrim\TESV.exe
Berichts-ID: 4c0e5673-c59d-11e3-9613-3085a99904bf

Error: (04/16/2014 07:08:53 PM) (Source: MsiInstaller) (User: Marc-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei E:\Utility\Steam\steamapps\common\Emergency 2014\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten

Error: (04/16/2014 10:53:50 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (04/19/2014 11:44:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/19/2014 11:43:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error: (04/19/2014 09:59:32 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/19/2014 09:59:29 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/19/2014 09:59:26 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/19/2014 09:59:23 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/19/2014 09:59:20 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/19/2014 09:59:16 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/19/2014 09:59:13 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/19/2014 09:59:10 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (04/19/2014 11:43:43 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/19/2014 07:14:18 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/19/2014 03:53:23 PM) (Source: Application Error)(User: )
Description: GTAIV.exe1.0.7.04bd9efbeGTAIV.exe1.0.7.04bd9efbec0000005001a9346cf001cf5bd61374a344E:\Utility\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV_new\GTAIV.exeE:\Utility\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV_new\GTAIV.exef87c92c1-c7c9-11e3-80f6-3085a99904bf

Error: (04/19/2014 01:12:24 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/18/2014 01:27:56 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/18/2014 11:46:52 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/17/2014 10:35:24 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/16/2014 09:28:43 PM) (Source: Application Hang)(User: )
Description: TESV.exe1.9.32.075c01cf59a9b526534e40E:\Utility\Steam\steamapps\common\Skyrim\TESV.exe4c0e5673-c59d-11e3-9613-3085a99904bf

Error: (04/16/2014 07:08:53 PM) (Source: MsiInstaller)(User: Marc-PC)
Description: Produkt: NVIDIA PhysX -- Fehler 1316. Beim Lesen der Datei E:\Utility\Steam\steamapps\common\Emergency 2014\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi ist ein Netzwerkfehler aufgetreten(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/16/2014 10:53:50 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


CodeIntegrity Errors:
===================================
  Date: 2014-04-19 23:43:46.917
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-19 19:14:21.589
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-19 13:14:37.877
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 11:48:59.972
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-17 10:39:38.470
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-16 10:57:22.558
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 11:57:06.338
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-12 11:25:39.816
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-11 14:13:03.730
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 14:00:42.464
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 16334.47 MB
Available physical RAM: 12988.97 MB
Total Pagefile: 32667.12 MB
Available Pagefile: 28845.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:11.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RG_6429MOLLI) (CDROM) (Total:3.37 GB) (Free:0 GB) UDF
Drive e: (Daten) (Fixed) (Total:1716.53 GB) (Free:1000.88 GB) NTFS
Drive f: (OMSI) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 06420641)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 19AE3A21)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-20 00:53:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000073 ATA_____ rev.1.5_ 119,24GB
Running: zw7egztv.exe; Driver: C:\Users\Marc\AppData\Local\Temp\kxldypog.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073b01a22 2 bytes [B0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073b01ad0 2 bytes [B0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073b01b08 2 bytes [B0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073b01bba 2 bytes [B0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073b01bda 2 bytes [B0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c41465 2 bytes [C4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c414bb 2 bytes [C4, 74]
.text ... * 2
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3728] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000074c41465 2 bytes [C4, 74]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3728] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 0000000074c414bb 2 bytes [C4, 74]
.text ... * 2
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c41465 2 bytes [C4, 74]
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c414bb 2 bytes [C4, 74]
.text ... * 2
.text C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c41465 2 bytes [C4, 74]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c414bb 2 bytes [C4, 74]
.text ... * 2
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c41465 2 bytes [C4, 74]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c414bb 2 bytes [C4, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c41465 2 bytes [C4, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c414bb 2 bytes [C4, 74]
.text ... * 2

---- EOF - GMER 2.1 ----

Code:
Exported events:

19.04.2014 23:51 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was moved to the quarantine directory under the name '55ae5fb3.qua'!

19.04.2014 23:44 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

19.04.2014 23:44 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access

19.04.2014 23:37 [System scanner] Malware found
The file 'F:\Crack\Keygen.exe' contained a virus or unwanted program 'TR/Black.Gen2' [trojan].
Action(s) taken: A backup copy was created under the name 7a954cb9.qua ( QUARANTINE ). The file was ignored.

19.04.2014 21:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

19.04.2014 21:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access

19.04.2014 21:30 [System scanner] Malware found
The file 'E:\Spiele\OMSICRACK\rld-omsi.iso' contained a virus or unwanted program 'TR/Black.Gen2' [trojan].
Action(s) taken: A backup copy was created under the name 1cdf2200.qua ( QUARANTINE ). The file was ignored.

19.04.2014 20:27 [System scanner] Malware found
The file 'E:\Spiele\OMSICRACK\rld-omsi.iso' contained a virus or unwanted program 'TR/Black.Gen2' [trojan].
Action(s) taken: A backup copy was created under the name 4e801b14.qua ( QUARANTINE ). The file was ignored.

19.04.2014 20:13 [System scanner] Malware found
The file 'E:\Spiele\OMSICRACK\rld-omsi.iso' contained a virus or unwanted program 'TR/Black.Gen2' [trojan].
Action(s) taken: A backup copy was created under the name 56173496.qua ( QUARANTINE ). The file was ignored.

19.04.2014 19:18 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was deleted.

19.04.2014 19:15 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

19.04.2014 19:15 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access

19.04.2014 13:13 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was moved to the quarantine directory under the name '55cbcbf5.qua'!

19.04.2014 13:13 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

19.04.2014 13:13 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access

18.04.2014 21:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

18.04.2014 21:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access

18.04.2014 15:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

18.04.2014 15:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access

18.04.2014 11:48 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was moved to the quarantine directory under the name '54bf60cc.qua'!

18.04.2014 11:47 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

18.04.2014 11:47 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access

17.04.2014 22:11 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was moved to the quarantine directory under the name '5ae2a4df.qua'!

17.04.2014 21:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

17.04.2014 21:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access

17.04.2014 15:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

17.04.2014 15:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access

17.04.2014 14:31 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was moved to the quarantine directory under the name '55cb5b81.qua'!

17.04.2014 10:37 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Passed to scanner

17.04.2014 10:37 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access
|
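The Avira export in the post above carries the most useful fact on the page: the same file is quarantined or deleted, and then detected again hours later, across three days. The script below is an added example (not part of the thread, not Avira's own tooling) that parses an Avira "Exported events" log in an English rendering of the German format shown above, separates files that were merely re-scanned while untouched (the "file was ignored" hits on the ISO) from files that came back after a real removal, and lists the clock times at which a path was hit on several different days. The event lines in SAMPLE_LOG are a constructed subset of the events in the post; the function names and the English message wording are the example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a subset of the Avira events from the post above, in an
# English rendering of the German export. Avira writes newest events first.
SAMPLE_LOG = r"""
19.04.2014 23:51 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was moved to the quarantine directory under the name '55ae5fb3.qua'!
19.04.2014 21:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access
19.04.2014 21:30 [System scanner] Malware found
The file 'E:\Spiele\OMSICRACK\rld-omsi.iso' contained a virus or unwanted program 'TR/Black.Gen2' [trojan].
Action(s) taken: A backup copy was created under the name 1cdf2200.qua ( QUARANTINE ). The file was ignored.
19.04.2014 20:13 [System scanner] Malware found
The file 'E:\Spiele\OMSICRACK\rld-omsi.iso' contained a virus or unwanted program 'TR/Black.Gen2' [trojan].
Action(s) taken: A backup copy was created under the name 56173496.qua ( QUARANTINE ). The file was ignored.
19.04.2014 19:18 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was deleted.
18.04.2014 15:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access
18.04.2014 11:48 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was moved to the quarantine directory under the name '54bf60cc.qua'!
17.04.2014 21:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access
17.04.2014 15:58 [Real-time scanner] Malware found
A virus or unwanted program 'TR/Rogue.11186992' [trojan] was found in the file 'C:\Windows\Temp\44158_updater.exe'.
Action taken: Deny access
17.04.2014 14:31 [System scanner] Malware found
The file 'C:\Windows\Temp\44158_updater.exe' contained a virus or unwanted program 'TR/Rogue.11186992' [trojan].
Action(s) taken: The file was moved to the quarantine directory under the name '55cb5b81.qua'!
"""

HEADER = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[(.+?)\] (.+)$")
PATH = re.compile(r"'([A-Za-z]:\\[^']+)'")          # first quoted drive path in a line
ACTION = re.compile(r"^Action(?:\(s\))? taken: (.+)$")
# Actions that take the file off disk. "backup created ... file was ignored" is NOT one:
# the file stays where it is, so every later scan hits it again without anything re-creating it.
REMOVAL = re.compile(r"was deleted|moved to the quarantine")


def parse_events(text):
    """Turn the export into dicts {time, scanner, path, action}, oldest first."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"time": datetime.strptime(m.group(1), "%d.%m.%Y %H:%M"),
                           "scanner": m.group(2), "path": None, "action": None})
            continue
        if not events:
            continue  # text before the first event header
        ev = events[-1]
        pm = PATH.search(line)
        if pm and ev["path"] is None:
            ev["path"] = pm.group(1)
        am = ACTION.match(line)
        if am:
            ev["action"] = am.group(1)
    events.sort(key=lambda e: e["time"])
    return events


def summarize(events):
    """Per path: detections, removals, and detections logged AFTER a removal.
    The last number is the tell: a file detected again after it was deleted or
    quarantined is being re-created by something the scanner is not catching."""
    by_path = defaultdict(list)
    for ev in events:
        if ev["path"]:
            by_path[ev["path"]].append(ev)
    report = {}
    for path, evs in by_path.items():
        removed_at, removals, redetected = None, 0, 0
        for ev in evs:
            if removed_at is not None and ev["time"] > removed_at:
                redetected += 1
            if ev["action"] and REMOVAL.search(ev["action"]):
                removals += 1
                removed_at = ev["time"]
        report[path] = {"detections": len(evs), "removals": removals,
                        "redetected_after_removal": redetected,
                        "first": evs[0]["time"], "last": evs[-1]["time"]}
    return report


def recurring_files(text):
    """Paths that Avira removed and later detected again, sorted."""
    rep = summarize(parse_events(text))
    return sorted(p for p, r in rep.items() if r["redetected_after_removal"] > 0)


def repeating_times_of_day(events, path, min_days=2):
    """Clock times at which `path` was detected on at least `min_days` distinct days.
    The same minute on several days points at a scheduled re-creation (task or
    service timer), not at a user launching something by hand."""
    days_by_clock = defaultdict(set)
    for ev in events:
        if ev["path"] == path:
            days_by_clock[ev["time"].strftime("%H:%M")].add(ev["time"].date())
    return sorted(t for t, days in days_by_clock.items() if len(days) >= min_days)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for path, r in summarize(evs).items():
        print(f"{path}: {r['detections']} detections, {r['removals']} removals, "
              f"{r['redetected_after_removal']} re-detected after removal")
    for path in recurring_files(SAMPLE_LOG):
        print(f"recurring: {path}, hit at {repeating_times_of_day(evs, path)} on several days")
```

On the sample, only C:\Windows\Temp\44158_updater.exe comes back after removal; the ISO is hit repeatedly but was never removed, so its repeats say nothing about persistence. The recurring 15:58 and 21:58 hits are the kind of regularity that makes scheduled tasks, services and Run keys (the sections ComboFix lists further down) the place to look rather than the dropped file itself.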
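The GMER output in the same post lists two-byte modifications in several 32-bit processes. Before chasing each one, it helps to see which modifications are byte-identical at the same address in every process and which are unique to one, and what the patched bytes actually are. The script below is an added example (not part of the thread, not GMER's own code): it parses the ".text" entries in the format GMER printed above (a constructed subset of those lines is embedded as the sample), groups each modification by module, function, offset, address and patch bytes, and classifies the patch as a detour (E9 jmp, E8 call, FF 25 jmp [abs]), as a fragment of the reported address itself, or as something else. The function names are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample: ".text" entries copied from the GMER "User code sections"
# in the post above, whitespace normalised to single spaces.
GMER_SAMPLE = r"""
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073b01a22 2 bytes [B0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073b01ad0 2 bytes [B0, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c41465 2 bytes [C4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c414bb 2 bytes [C4, 74]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3728] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000074c41465 2 bytes [C4, 74]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3728] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 0000000074c414bb 2 bytes [C4, 74]
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c41465 2 bytes [C4, 74]
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[1368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c414bb 2 bytes [C4, 74]
"""

# ".text <process>[pid] <module>!<function> + <offset> <address> <n> bytes [xx, yy]"
ENTRY = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\S+) \+ (?P<off>\d+)"
    r"\s+(?P<addr>[0-9a-fA-F]+)\s+(?P<n>\d+) bytes \[(?P<bytes>[^\]]+)\]$")


def parse_hooks(text):
    """One dict per GMER entry with the patch decoded to bytes and paths reduced to basenames."""
    hooks = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["bytes"] = bytes(int(b, 16) for b in d["bytes"].replace(" ", "").split(","))
        d["addr"] = int(d["addr"], 16)
        d["off"] = int(d["off"])
        d["module"] = d["mod"].rsplit("\\", 1)[-1].lower()   # PSAPI.DLL and PsApi.dll are one module
        d["process"] = d["proc"].rsplit("\\", 1)[-1]
        hooks.append(d)
    return hooks


def hook_spread(hooks):
    """(module, function, offset, address, patch) -> sorted process names.
    A patch that is byte-identical at the same address in every 32-bit process is a
    property of that shared module (or of how it is read), not per-process injection;
    a patch seen in a single process is the one that deserves a look at that process."""
    spread = defaultdict(set)
    for h in hooks:
        spread[(h["module"], h["func"], h["off"], h["addr"], h["bytes"])].add(h["process"])
    return {k: sorted(v) for k, v in spread.items()}


def classify_patch(patch, addr):
    """A real inline hook begins with a transfer opcode; bytes that merely repeat part of
    the reported address (B0 73 inside 0x73b0xxxx) are a pointer into the module's own
    range rather than a detour."""
    if patch[:1] in (b"\xe9", b"\xe8") or patch[:2] == b"\xff\x25":
        return "detour"
    if patch in addr.to_bytes(8, "little"):
        return "address-fragment"
    return "other"


def triage(text):
    """{(module, function, offset): (number of processes, patch classification)}"""
    out = {}
    for (mod, func, off, addr, patch), procs in hook_spread(parse_hooks(text)).items():
        out[(mod, func, off)] = (len(procs), classify_patch(patch, addr))
    return out


if __name__ == "__main__":
    for key, (n, kind) in sorted(triage(GMER_SAMPLE).items()):
        print(f"{key[0]}!{key[1]}+{key[2]}: in {n} process(es), patch looks like {kind}")
```

On the sample, the PSAPI.DLL entries are identical in all three processes and the WSOCK32.dll entries exist only in PnkBstrA.exe; in every entry the two patched bytes are the upper half of the address GMER printed, not a jump or call opcode. That does not by itself declare anything clean or dirty, but it tells you which entries are a question about one process and which are a question about a module every 32-bit process loads.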
20.04.2014, 12:11 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, completely inexplicable how the malware got onto your PC
Quote:
Please read => http://www.trojaner-board.de/95393-c...-software.html We continue once you have removed everything illegal. In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. to help only with backing up data and reinstalling the operating system.
__________________ |
20.04.2014, 13:08 | #3 |
| The crack was a very, very long time ago; I just wanted to try the game out. That is why I had forgotten about it / ruled it out, since the warning only appeared recently. It is removed now. My system is now crack-free. Apologies again for the rule violation, I had simply forgotten about it.
__________________ |
20.04.2014, 13:14 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run Combofix now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
21.04.2014, 10:55 | #5 |
| Combofix log: Combofix logfile: Code:
ComboFix 14-04-19.01 - Marc 20.04.2014 14:59:03.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.16334.13601 [GMT 2:00]
Running from: c:\users\Marc\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Files created from 2014-03-20 to 2014-04-20 ))))))))))))))))))))))))))))))
.
.
2014-04-20 13:01 . 2014-04-20 13:01 -------- d-----w- c:\users\test\AppData\Local\temp
2014-04-20 13:01 . 2014-04-20 13:01 -------- d-----w- c:\users\test.Marc-PC\AppData\Local\temp
2014-04-20 13:01 . 2014-04-20 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-19 22:29 . 2014-04-19 22:30 -------- d-----w- C:\FRST
2014-04-19 21:50 . 2014-04-20 10:30 -------- d-----w- C:\AdwCleaner
2014-04-19 17:29 . 2014-03-06 09:07 570368 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-04-18 09:51 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9FA5922-202C-4D69-83FF-33C8417592D9}\mpengine.dll
2014-04-16 21:47 . 2014-04-16 21:47 -------- d-----w- C:\Crash
2014-04-16 21:24 . 2014-04-16 21:24 -------- d-----w- c:\users\Marc\AppData\Local\SCE
2014-04-16 20:04 . 2014-04-16 20:04 -------- d-----w- c:\users\Marc\AppData\Local\Ubisoft
2014-04-14 13:49 . 2014-04-14 13:49 -------- d-----w- c:\users\Marc\AppData\Roaming\Guild Wars 2
2014-04-09 17:16 . 2014-04-09 17:16 -------- d-----w- c:\users\Marc\AppData\Local\Quadriga Games
2014-04-07 20:10 . 2014-04-07 20:10 -------- d-----w- c:\users\Marc\.jmc
2014-04-07 20:10 . 2014-04-07 20:10 -------- d-----w- c:\users\Marc\.eclipse
2014-04-07 20:09 . 2014-04-07 20:09 312744 ----a-w- c:\windows\system32\javaws.exe
2014-04-07 20:09 . 2014-04-07 20:09 189352 ----a-w- c:\windows\system32\javaw.exe
2014-04-07 20:09 . 2014-04-07 20:09 189352 ----a-w- c:\windows\system32\java.exe
2014-04-07 20:09 . 2014-04-07 20:09 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-07 20:09 . 2014-04-07 20:09 -------- d-----w- c:\program files\Java
2014-03-22 13:17 . 2014-03-22 13:17 -------- d-----w- c:\users\Marc\AppData\Local\Skype
2014-03-22 13:17 . 2014-03-22 13:17 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-22 13:17 . 2014-03-22 13:17 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-17 16:49 . 2012-12-26 15:57 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-17 16:40 . 2012-12-26 15:57 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-17 16:32 . 2012-12-26 15:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-17 13:51 . 2012-12-26 15:58 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-09 21:23 . 2012-12-25 22:00 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2012-12-25 21:53 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-12 18:16 . 2012-12-25 22:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 18:16 . 2012-12-25 22:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 09:17 . 2014-04-09 16:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-09 18:16 . 2009-08-18 09:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-02-07 01:23 . 2014-03-12 17:16 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 17:16 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 17:16 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 17:16 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 17:16 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 17:16 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 17:16 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 17:16 228864 ----a-w- c:\windows\system32\wwansvc.dll
2013-12-11 20:41 . 2013-12-11 20:41 447 ----a-w- c:\program files\backup.bat
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 14:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Marc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-12 1171000]
"puush"="c:\program files (x86)\puush\puush.exe" [2013-10-30 567880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-10-12 286720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-12-20 807696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sapphire TRIXX.lnk - c:\program files (x86)\Sapphire TRIXX\TRIXX.exe [2012-4-19 5479768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-8-29 48200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiK075C;SaiK075C;c:\windows\system32\DRIVERS\SaiK075C.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK075C.sys [x]
R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CCB.sys [x]
R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CCB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys;c:\windows\SYSNATIVE\drivers\WsAudioDevice_383S(1).sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.s
ys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
S3 TRIXX;TRIXX;c:\users\Marc\AppData\Local\Temp\TRIXX.sys;c:\users\Marc\AppData\Local\Temp\TRIXX.sys [x]
.
.
Contents of the "Scheduled Tasks" folder
.
2014-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-25 18:16]
.
2014-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-518990529-3378362674-2877809929-1000Core.job
- c:\users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-14 18:34]
.
2014-04-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-518990529-3378362674-2877809929-1000UA.job
- c:\users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-14 18:34]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03 17:51]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03 17:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411411158}]
c:\program files (x86)\LyricsSay-16\LyricsSay-16-bho64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-08 7543912]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-03 2277992]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-02-28 7468784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.us.com/?guid={F683E892-2D4C-456E-B88C-AF8357BA25BF}&serpv=5
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5f7d1ce9-b232-48f1-9cef-c6178d4d4c15&searchtype=ds&q={searchTerms}&installDate=09/06/2013
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\ev1f3in1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/feed/subscriptions
FF - prefs.js: network.proxy.type - 2
.
- - - - Orphaned registry entries removed - - - -
.
AddRemove-A2BAF Data cache removal - e:\utility\Steam\steamapps\common\Arma 2 Operation Arrowhead\BAF\datacacheremoval.exe
AddRemove-A2PMC Data cache removal - e:\utility\Steam\steamapps\common\Arma 2 Operation Arrowhead\PMC\datacacheremoval.exe
AddRemove-Audacity_is1 - e:\utility\Audacity\unins000.exe
AddRemove-Auto Clicker by Shocker_is1 - e:\utility\AutoClickerbyShocker\unins000.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - e:\utility\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - e:\utility\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe
AddRemove-Cheat Engine 6.2_is1 - e:\utility\Cheat Engine 6.2\unins000.exe
AddRemove-DAEMON Tools Lite - e:\utility\DAEMON Tools Lite\uninst.exe
AddRemove-FormatFactory - e:\utility\FormatFactory\uninst.exe
AddRemove-Fraps - e:\utility\Fraps\uninstall.exe
AddRemove-GeoGebra 4.2 - e:\utility\geogebra\uninstaller.exe
AddRemove-ISOBURN - e:\utility\ISOBURN\Uninst.exe
AddRemove-LAME_is1 - e:\utility\Lame\unins000.exe
AddRemove-LCPD First Response - e:\utility\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LCPD First Response\uninst.exe
AddRemove-LinuxLive USB Creator - e:\utility\LinuxLive USB Creator\Uninstall.exe
AddRemove-LuaEdit 2010_is1 - e:\utility\LuaEdit 2010\unins000.exe
AddRemove-LyricsSay-16 - c:\program files (x86)\LyricsSay-16\Uninstall.exe
AddRemove-Origin - e:\utility\Origin\OriginUninstall.exe
AddRemove-PEVAssetX - e:\utility\AssetX\uninstall.exe
AddRemove-PEVattachmentmaker - e:\utility\attachmentmaker\uninstall.exe
AddRemove-PEVMesh_Viewer2 - e:\utility\Mesh Viewer2\uninstall.exe
AddRemove-PEVpm2im - e:\utility\pm2im\uninstall.exe
AddRemove-PunkBusterSvc - e:\spiele\Origin\Battlefield 4\pbsvc.exe
AddRemove-Quassel - e:\utility\Quassel\uninstall.exe
AddRemove-Steam App 105600 - e:\utility\Steam\steam.exe
AddRemove-Steam App 12210 - e:\utility\Steam\steam.exe
AddRemove-Steam App 12220 - e:\utility\Steam\steam.exe
AddRemove-Steam App 13520 - e:\utility\Steam\steam.exe
AddRemove-Steam App 13580 - e:\utility\Steam\steam.exe
AddRemove-Steam App 19900 - e:\utility\Steam\steam.exe
AddRemove-Steam App 202990 - e:\utility\Steam\steam.exe
AddRemove-Steam App 203160 - e:\utility\Steam\steam.exe
AddRemove-Steam App 209160 - e:\utility\Steam\steam.exe
AddRemove-Steam App 209170 - e:\utility\Steam\steam.exe
AddRemove-Steam App 211820 - e:\utility\Steam\steam.exe
AddRemove-Steam App 218230 - e:\utility\Steam\steam.exe
AddRemove-Steam App 219540 - e:\utility\Steam\steam.exe
AddRemove-Steam App 220160 - e:\utility\Steam\steam.exe
AddRemove-Steam App 220240 - e:\utility\Steam\steam.exe
AddRemove-Steam App 220260 - e:\utility\Steam\steam.exe
AddRemove-Steam App 221100 - e:\utility\Steam\steam.exe
AddRemove-Steam App 22380 - e:\utility\Steam\steam.exe
AddRemove-Steam App 224600 - e:\utility\Steam\steam.exe
AddRemove-Steam App 227300 - e:\utility\Steam\steam.exe
AddRemove-Steam App 230410 - e:\utility\Steam\steam.exe
AddRemove-Steam App 24010 - e:\utility\Steam\steam.exe
AddRemove-Steam App 24670 - e:\utility\Steam\steam.exe
AddRemove-Steam App 247750 - e:\utility\Steam\steam.exe
AddRemove-Steam App 259080 - e:\utility\Steam\steam.exe
AddRemove-Steam App 260930 - e:\utility\Steam\steam.exe
AddRemove-Steam App 264910 - e:\utility\Steam\steam.exe
AddRemove-Steam App 272350 - e:\utility\Steam\steam.exe
AddRemove-Steam App 32450 - e:\utility\Steam\steam.exe
AddRemove-Steam App 33910 - e:\utility\Steam\steam.exe
AddRemove-Steam App 33930 - e:\utility\Steam\steam.exe
AddRemove-Steam App 3590 - e:\utility\Steam\steam.exe
AddRemove-Steam App 42640 - e:\utility\Steam\steam.exe
AddRemove-Steam App 42710 - e:\utility\Steam\steam.exe
AddRemove-Steam App 43110 - e:\utility\Steam\steam.exe
AddRemove-Steam App 43160 - e:\utility\Steam\steam.exe
AddRemove-Steam App 48000 - e:\utility\Steam\steam.exe
AddRemove-Steam App 49520 - e:\utility\Steam\steam.exe
AddRemove-Steam App 50130 - e:\utility\Steam\steam.exe
AddRemove-Steam App 65700 - e:\utility\Steam\steam.exe
AddRemove-Steam App 65720 - e:\utility\Steam\steam.exe
AddRemove-Steam App 70110 - e:\utility\Steam\steam.exe
AddRemove-Steam App 72850 - e:\utility\Steam\steam.exe
AddRemove-Steam App 730 - e:\utility\Steam\steam.exe
AddRemove-Steam App 8190 - e:\utility\Steam\steam.exe
AddRemove-Steam App 8930 - e:\utility\Steam\steam.exe
AddRemove-The Elder Scrolls Online Beta_is1 - e:\spiele\ESOLauncher\unins000.exe
AddRemove-uTorrent - c:\users\Marc\AppData\Roaming\uTorrent\uTorrent.exe
AddRemove-{32B08666-1587-435D-988C-7958A04B218A}_is1 - e:\spiele\OMSI Addon Manager\unins000.exe
AddRemove-{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1 - e:\utility\Hex-Editor MX\unins000.exe
AddRemove-{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1 - e:\utility\ClipGrab\unins000.exe
AddRemove-{909F8EBC-EC7F-48FF-0085-475D818F0F31} - e:\spiele\NFS-Underground2\EAUninstall.exe
AddRemove-{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF} - e:\spiele\MW\EAUninstall.exe
AddRemove-{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1 - e:\spiele\Infestation Survivor Stories\unins000.exe
AddRemove-{DDA3C325-47B2-4730-9672-BF3771C08799}_is1 - e:\utility\XMedia Recode\unins000.exe
AddRemove-{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1 - e:\spiele\War Thunder\unins000.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\S-1-5-21-518990529-3378362674-2877809929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-518990529-3378362674-2877809929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-518990529-3378362674-2877809929-1000\Software\SecuROM\License information*]
"datasecu"=hex:bf,c0,fe,38,d4,e1,15,ed,c9,a9,9e,54,8e,48,24,cd,89,c7,ad,72,6e,
   ab,e3,9e,25,77,2b,02,81,5d,62,e2,bc,b8,24,59,3b,f1,fd,fa,de,ee,f7,fa,60,08,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-20 15:03:03
ComboFix-quarantined-files.txt 2014-04-20 13:03
ComboFix2.txt 2014-04-20 12:50
.
Vor Suchlauf: 15 Verzeichnis(se), 17.898.369.024 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 17.792.692.224 Bytes frei
.
- - End Of File - - 2EBF1C5B893D2236126A2B02AF837673

EDIT: I'm really panicking right now, because drive E: (my 2 TB data HDD) is no longer detected correctly. When I look at it under "Computer", it no longer shows how full it is. When I try to access it, a pop-up appears in which Windows asks me to convert the drive so that I can use it. What happened there? Sorry, the new problem is unfortunately urgent, so bump. Last edited by mlewelt (20.04.2014 at 14:17)
21.04.2014, 21:09 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Right-click => Properties on the affected volume. Which file system is shown?
21.04.2014, 21:15 | #7 |
Type: Local Disk. File system: --- (nothing shown). Used space: 0 bytes 0 bytes. Free space: 0 bytes 0 bytes
21.04.2014, 21:31 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is that an external drive? If so, disconnect it and plug it back in. If necessary, take the drive out and connect it internally to the PC.
__________________ Please always post logfiles in CODE tags
21.04.2014, 21:33 | #9 |
It's a normal internal SATA drive connected via SATA 6Gb. I've already unplugged it several times, booted up without it and shut down again, then plugged it back in and booted again; none of that helped.
22.04.2014, 13:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then you'll have to try your luck with TestDisk => Step by step recovery example - CGSecurity
22.04.2014, 14:37 | #11 |
Is there anything I need to watch out for, or are there further risks?
22.04.2014, 14:52 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Just read the whole article first; then you can still ask specific questions.
22.04.2014, 17:03 | #13 |
The program asks me for the partition type; the default was EFI GPT. It was a normal non-system Windows drive. Is that type correct?

OK, now I'm completely out of my depth. I chose the "Analyse" option. The drive I'm looking for now appears, with the correct name (Daten). So I choose "Quick Search". It finds 3 partitions. An error appears saying that some sums don't make sense or something like that. Then the menu with the green selections appears: an EFI system partition of about 200 MB (no idea what that is, I never created it), then a 1999 GB partition (Mac HFS), and a partition of about 600 MB (again Mac HFS, which again I never created). With "p" you can list the files. For the 200 MB system partition it finds no files. For the other two partitions it says that support for this data type was not enabled during compilation. What should I do now? Last edited by mlewelt (22.04.2014 at 17:13)
22.04.2014, 21:14 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I can't imagine EFI/GPT here. Even if it were a drive that had/has a Windows system partition on it, only Windows 8 sets that up with EFI/GPT. And with its capacity the drive is still well within the 32-bit address range of the MBR partition scheme. But what is actually correct and how exactly the drive was really set up, only you can know, not me. Before you wreck the drive for good with TestDisk, I'd at least take another look with a live Linux to see whether anything is still detected. Best take a Lubuntu in try-out mode; then you could also check the SMART status without much extra installing.
22.04.2014, 21:33 | #15 |
The configuration was simply a normal 300 GB partition for XP (which was never actually installed; the partition was always completely empty, never had anything on it). The partition was empty and I deleted it again, so the 300 GB were unallocated space; the rest was the normal primary partition. Does a live system from a USB stick work too?

EDIT: I've had this "search deeper" search running for half the day. It's only at about 10%. Can I abort it by closing the program (clicking X)?