Pests of all kinds and how to combat them: Viruses/adware/PUP after download (Windows 7)
19.07.2014, 19:58 | #1 |
| Viruses/adware/PUP after download

Hello, first of all. Let me start: I just downloaded the YTDownloader (CHIP) and scanned it with Avira. No alert came up. However, during the downloader's installation I had to download something. There I unchecked ALL the checkboxes. Even so, I apparently ended up with adware. I noticed this when a message suddenly appeared about activating Online Backup. I clicked on it, but it seemed odd to me right from the start. When 2 more messages then appeared, I downloaded ADWCleaner. It found something. (Something with MyBackup. So I was right.) I deleted everything, restarted the PC and then had Malwarebytes scan everything. MB (= Malwarebytes) found the following 19 times: PUP.Optional.Spigot.A. I put everything into quarantine. Is the virus/PUP gone now??? PS: |
19.07.2014, 20:27 | #2 |
/// the machine /// TB trainer | Viruses/adware/PUP after download

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
19.07.2014, 20:37 | #3 |
| Viruses/adware/PUP after download

That is Addition.txt. I somehow deleted the other one and ran a new scan. Should I post that one (i.e. the one from FRST.txt)?

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014 Ran by Florian_2 at 2014-07-19 21:30:44 Running from C:\Users\Florian_2\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden 18 WoS Across America (HKLM-x32\...\InstallShield_{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}) (Version: 0.2.0000 - ValuSoft) 18 WoS Across America (x32 Version: 0.2.0000 - ValuSoft) Hidden 18 WoS: Voll aufs Gas (HKLM-x32\...\{39286675-3166-9420-2336-779493021964}) (Version: 1.0 - rondomedia) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated) Acer Games (HKCU\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - 
Acer Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.10.100.30613 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{9770EA17-52C1-78A7-C3B3-59F0A2091BAE}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks) AMD VISION Engine Control Center (x32 Version: 2013.0613.2225.38432 - Ihr Firmenname) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden Avira (HKLM-x32\...\{142be4a8-895b-4ed9-b1ff-11c76357e3df}) (Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.1.651 - Bandisoft.com) Bandicut (HKLM-x32\...\Bandicut) (Version: 1.2.4.93 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0613.2225.38432 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0613.2225.38432 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0613.2225.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Chinese Traditional (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0613.2224.38432 - Advanced Micro Devices, Inc.) 
Hidden ccc-utility64 (Version: 2013.0613.2225.38432 - Advanced Micro Devices, Inc.) Hidden clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated) Colin McRae Rally 04 (HKLM-x32\...\{F8718F95-21A1-44B9-97EC-679C93020BAE}) (Version: 1.00.000 - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) ETDWare PS/2-X64 11.6.24.203_WHQL (HKLM\...\Elantech) (Version: 11.6.24.203 - ELAN Microelectronic Corp.) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.193 - McAfee, Inc.) 
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Midtown Madness (HKLM-x32\...\Midtown Madness 1.0) (Version: - ) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden Moorhuhn Kart 2 XXL (HKLM-x32\...\{7A2FD295-38D2-4AAF-BF41-2C95EBB96126}) (Version: - ) Moorhuhn Kart 3 (HKLM-x32\...\{46376BAF-996E-410E-82B2-5D9E61820E6D}) (Version: 1.00.0000 - ) Moorhuhn Winter-Edition (HKLM-x32\...\Moorhuhn Winter-Edition) (Version: - ) Moorhuhn-Total 3 (HKLM-x32\...\{8775DE7C-A742-494C-92C5-448315ECFE1A}) (Version: 1.00.0000 - ) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MultitrackStudio Lite 7.61 (64-bit) (HKLM\...\MultitrackStudio64_is1) (Version: - Bremmers Audio Design) MultitrackStudio Lite 7.61 (HKLM-x32\...\MultitrackStudio_is1) (Version: - Bremmers Audio 
Design) Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Ihr Firmenname) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Pokki (HKCU\...\Pokki) (Version: 0.266.1.172 - Pokki) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden QCA CardReader Driver Installer (HKLM-x32\...\{4E0BC999-655B-421D-87F3-640C6F2BFC11}) (Version: 1.0.1.34 - Qualcomm Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications) Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 
16.4.3528.0331 - Microsoft Corporation) Hidden ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ? Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ? ==================== Loaded Modules (whitelisted) ============= 2014-05-23 02:10 - 2014-05-23 02:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2013-04-15 11:23 - 2013-04-15 11:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-04-15 11:20 - 2013-04-15 11:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-04-15 11:25 - 2013-04-15 11:25 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2014-05-23 02:10 - 2014-05-23 02:10 - 05341856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Florian\OneDrive:ms-properties AlternateDataStreams: C:\Users\Florian_2\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/19/2014 09:11:15 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: 
Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a78 Startzeit: 01cfa3847fa5776a Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 732edd06-0f78-11e4-be99-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (07/19/2014 08:41:15 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a54 Startzeit: 01cfa3804ec34916 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 424a4027-0f74-11e4-be99-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (07/19/2014 08:27:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ffc Startzeit: 01cfa37e57b3b805 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 4e8ddaff-0f72-11e4-be99-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (07/19/2014 08:12:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ff8 Startzeit: 01cfa37c4d194ea5 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 40a1ab0c-0f70-11e4-be98-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (07/19/2014 07:45:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 16dc Startzeit: 01cfa37891f1a907 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 8577f8f3-0f6c-11e4-be98-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (07/19/2014 07:40:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b44 Startzeit: 01cfa377d8e94f16 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: ccce2ef0-0f6b-11e4-be98-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (07/19/2014 02:21:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: f64 Startzeit: 01cfa34b3e60420c Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 31e857fb-0f3f-11e4-be98-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (07/19/2014 01:51:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1698 Startzeit: 01cfa3470d7fd744 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 01062e48-0f3b-11e4-be98-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (07/19/2014 01:21:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 12bc Startzeit: 01cfa342dc9e0217 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: d023cb4c-0f36-11e4-be98-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (07/19/2014 00:44:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c54 Startzeit: 01cfa33db0962db2 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: a417b826-0f31-11e4-be98-a4db308a0b64 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (07/19/2014 08:21:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/19/2014 08:21:09 PM) (Source: APXACC) (EventID: 1003) (User: ) Description: The NDIS6 LWF initialization has failed. (0xC0000001) Error: (07/19/2014 08:20:34 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT) Description: Der Systemüberwachungszeitgeber wurde ausgelöst. 
Error: (07/18/2014 08:29:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/18/2014 08:29:59 PM) (Source: APXACC) (EventID: 1003) (User: ) Description: The NDIS6 LWF initialization has failed. (0xC0000001) Error: (07/18/2014 08:29:25 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT) Description: Der Systemüberwachungszeitgeber wurde ausgelöst. Error: (07/18/2014 08:29:59 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 18.07.2014 um 16:56:03 unerwartet heruntergefahren. Error: (07/18/2014 04:16:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/18/2014 04:16:07 PM) (Source: APXACC) (EventID: 1003) (User: ) Description: The NDIS6 LWF initialization has failed. (0xC0000001) Error: (07/18/2014 04:15:35 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT) Description: Der Systemüberwachungszeitgeber wurde ausgelöst. 
Microsoft Office Sessions:
=========================
Error: (07/19/2014 09:11:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498a7801cfa3847fa5776a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe732edd06-0f78-11e4-be99-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2014 08:41:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498a5401cfa3804ec349164294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe424a4027-0f74-11e4-be99-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2014 08:27:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498ffc01cfa37e57b3b8054294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe4e8ddaff-0f72-11e4-be99-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2014 08:12:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498ff801cfa37c4d194ea54294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe40a1ab0c-0f70-11e4-be98-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2014 07:45:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2049816dc01cfa37891f1a9074294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe8577f8f3-0f6c-11e4-be98-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2014 07:40:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498b4401cfa377d8e94f164294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.execcce2ef0-0f6b-11e4-be98-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2014 02:21:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498f6401cfa34b3e60420c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe31e857fb-0f3f-11e4-be98-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2014 01:51:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498169801cfa3470d7fd7444294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe01062e48-0f3b-11e4-be98-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2014 01:21:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2049812bc01cfa342dc9e02174294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exed023cb4c-0f36-11e4-be98-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2014 00:44:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498c5401cfa33db0962db24294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exea417b826-0f31-11e4-be98-a4db308a0b64microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 7621.01 MB
Available physical RAM: 5799.7 MB
Total Pagefile: 15301.01 MB
Available Pagefile: 13248.49 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:915.22 GB) (Free:854.89 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

OK, after the 2nd scan:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Florian_2 (ATTENTION: The logged in user is not administrator) on FLORIANS-PC on 19-07-2014 21:33:29
Running from C:\Users\Florian_2\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [461176 2014-03-18] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Atheros Communications))
HKU\S-1-5-21-1159793628-760075510-2819493360-1004\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {CFD109C2-4EA6-443F-A846-6631C0F10704} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\8438jsrh.default
FF SearchEngineOrder.1: Sichere Suche
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A111DE662&p=
FF NetworkProxy: "backup.ftp", "176.31.241.53:3128"
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", "176.31.241.53:3128"
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", "176.31.241.53:3128"
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "158.87.69.25"
FF NetworkProxy: "ftp_port", 1
FF NetworkProxy: "http", "158.87.69.25"
FF NetworkProxy: "http_port", 1
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "158.87.69.25"
FF NetworkProxy: "socks_port", 1
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "158.87.69.25"
FF NetworkProxy: "ssl_port", 1
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\8438jsrh.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\8438jsrh.default\Extensions\abs@avira.com [2014-07-08]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\8438jsrh.default\Extensions\ich@maltegoetz.de [2014-05-12]
FF Extension: Adblock Plus - C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\8438jsrh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-05-27]

Chrome:
=======
CHR HomePage: https://www.google.de/
CHR Extension: (Google Docs) - C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Drive) - C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (YouTube) - C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google Cast) - C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-25]
CHR Extension: (Adblock Plus) - C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-02]
CHR Extension: (Google-Suche) - C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (SiteAdvisor) - C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Google Mail) - C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-26] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-12-01] (Qualcomm Atheros, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co.
KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-19 21:30 - 2014-07-19 21:30 - 00033699 _____ () C:\Users\Florian_2\Downloads\Addition.txt 2014-07-19 21:29 - 2014-07-19 21:33 - 00018174 _____ () C:\Users\Florian_2\Downloads\FRST.txt 2014-07-19 21:29 - 2014-07-19 21:33 - 00000000 ____D () C:\FRST 2014-07-19 21:28 - 2014-07-19 21:28 - 02089984 _____ (Farbar) C:\Users\Florian_2\Downloads\FRST64.exe 2014-07-19 20:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-19 20:17 - 2014-07-19 20:19 - 00000000 ____D () C:\AdwCleaner 2014-07-19 20:16 - 2014-07-19 20:17 - 01354223 _____ () C:\Users\Florian\Downloads\adwcleaner_3.216.exe 2014-07-19 20:15 - 2014-07-19 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2014-07-19 20:06 - 2014-07-19 20:15 - 00000000 ____D () C:\ProgramData\YTD Video Downloader 2014-07-19 20:02 - 2014-07-19 20:04 - 11227432 _____ () C:\Users\Florian_2\Downloads\YTDSetup481.exe 2014-07-19 19:47 - 2014-07-19 19:47 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Photo Gallery.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00001325 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00000000 ____D () C:\WINDOWS\de 2014-07-19 19:45 - 2014-07-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-07-19 19:44 - 2014-07-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-07-19 19:44 - 2014-07-19 19:44 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-07-19 19:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2014-07-19 19:43 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2014-07-19 19:43 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2014-07-19 19:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2014-07-19 19:43 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-07-19 19:43 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-07-19 19:43 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2014-07-19 19:43 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2014-07-19 19:41 - 2014-07-19 19:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\Windows Live 2014-07-19 19:38 - 2014-07-19 19:38 - 01245384 _____ (Microsoft Corporation) C:\Users\Florian_2\Downloads\wlsetup-web.exe 2014-07-19 14:41 - 2014-07-19 14:41 - 01337326 _____ () C:\Users\Florian_2\Downloads\2291019_6112566.mov 2014-07-19 12:36 - 2014-07-19 12:36 - 00000000 ____D () C:\Users\Florian_2\Desktop\Synthesia Musik 2014-07-18 22:30 - 2014-07-18 22:30 - 00020355 _____ () C:\Users\Florian_2\Desktop\zsnesw.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00016384 _____ () 
C:\Users\Florian_2\Desktop\Newer_Summer_Sun.srm 2014-07-18 22:30 - 2014-07-18 22:30 - 00008952 _____ () C:\Users\Florian_2\Desktop\zfont.txt 2014-07-18 22:30 - 2014-07-18 22:30 - 00003806 _____ () C:\Users\Florian_2\Desktop\zinput.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00002480 _____ () C:\Users\Florian_2\Desktop\zmovie.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00000254 _____ () C:\Users\Florian_2\Desktop\rominfo.txt 2014-07-18 16:06 - 2014-07-18 16:08 - 01990061 _____ () C:\Users\Florian_2\Downloads\riivolution.zip 2014-07-18 16:04 - 2014-07-18 16:04 - 00000000 ____D () C:\Users\Florian_2\Desktop\Newer Summer Sun 2014-07-18 16:02 - 2014-07-18 16:02 - 00000000 ____D () C:\Users\Florian_2\Desktop\riivolution 2014-07-18 15:59 - 2014-07-18 15:59 - 01990061 _____ () C:\Users\Florian_2\Desktop\riivolution.zip 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\private 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\NewerSMBW 2014-07-18 15:56 - 2014-07-18 15:57 - 00000000 ____D () C:\Users\Florian_2\Desktop\Wichtig NSMBW 2014-07-18 15:50 - 2014-07-18 15:52 - 00001120 _____ () C:\Users\Florian_2\Desktop\Achtung!.lnk 2014-07-12 10:30 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-12 10:21 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-12 10:21 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-12 10:21 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-12 10:21 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-12 10:21 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-12 10:21 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-12 10:21 - 2014-06-19 01:48 - 
00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-12 10:21 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-12 10:21 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-12 10:21 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-12 10:21 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-12 10:21 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-12 10:21 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-12 10:21 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-12 10:21 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-12 10:21 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-12 10:21 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-12 10:21 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-12 10:21 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-12 10:21 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-12 10:21 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-12 10:21 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-12 10:21 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-12 10:21 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-12 10:21 - 2014-06-19 00:13 - 01791488 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-12 10:21 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-12 10:21 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-12 10:21 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-12 10:20 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-12 10:20 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-12 10:20 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-12 10:20 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-12 10:20 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-12 10:20 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-07-12 10:20 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-07-12 10:20 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-12 10:20 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-12 10:20 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-12 10:20 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-12 10:20 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-12 10:20 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-12 10:20 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-12 10:20 - 
2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-12 10:20 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-12 10:20 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-12 10:20 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-12 10:20 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-12 10:20 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-12 10:20 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-12 10:20 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-12 10:20 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-12 10:20 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-12 10:18 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-12 10:18 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-12 10:16 - 2014-07-12 10:19 - 39187528 _____ () C:\Users\Florian_2\Downloads\Another_Super_Mario_Brothers_Wii_2.0.zip 2014-07-12 10:11 - 2014-07-12 10:15 - 16219834 _____ () C:\Users\Florian_2\Downloads\Newer_Super_Mario_Bros._Wii_HS.zip 2014-07-12 09:36 - 2014-07-12 09:47 - 120478786 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.zip 2014-07-08 19:41 - 2014-07-08 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-08 15:06 - 2014-07-08 15:06 - 00000000 ____D () C:\Users\Florian_2\Desktop\Kaizo Mario World 2014-06-28 00:26 - 2014-06-28 00:26 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicut.lnk 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 
____D () C:\Users\Florian_2\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\BANDISOFT 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Program Files (x86)\Bandicut 2014-06-28 00:25 - 2014-06-28 00:26 - 09742656 _____ (Bandisoft) C:\Users\Florian\Downloads\bandicut-setup.exe 2014-06-28 00:05 - 2014-06-28 00:05 - 02867878 _____ () C:\Users\Florian\Downloads\bandicam 2014-06-28 00-05-13-692.avi 2014-06-28 00:04 - 2014-06-28 00:04 - 00002882 _____ () C:\Users\Florian_2\Downloads\Detective Conan Movie 18 Piano [Right Hand].mid 2014-06-27 23:57 - 2014-06-30 17:33 - 00000000 ____D () C:\Users\Florian\Documents\Bandicam 2014-06-27 23:57 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\BANDISOFT 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian_2\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\Bandicam 2014-06-27 23:53 - 2014-06-27 23:54 - 09310216 _____ (Bandisoft) C:\Users\Florian_2\Downloads\bdcamsetup_2.0.1.651.exe 2014-06-27 22:43 - 2014-06-27 22:43 - 00000000 ____D () C:\WINDOWS\Minidump 2014-06-27 22:42 - 2014-06-27 22:42 - 543938396 _____ () C:\WINDOWS\MEMORY.DMP 2014-06-26 21:14 - 2014-06-26 21:14 - 00002842 _____ () C:\Users\Florian_2\Desktop\Fail.mid 2014-06-24 15:29 - 2014-06-24 15:31 - 00000000 ____D () C:\Users\Florian_2\Downloads\RouterReconnect_1.3 2014-06-24 15:28 - 2014-06-24 15:28 - 00157234 _____ () C:\Users\Florian_2\Downloads\RouterReconnect_1.3.zip ==================== One Month Modified Files and Folders ======= 2014-07-19 21:33 - 2014-07-19 21:29 - 00018174 _____ () C:\Users\Florian_2\Downloads\FRST.txt 
2014-07-19 21:33 - 2014-07-19 21:29 - 00000000 ____D () C:\FRST 2014-07-19 21:30 - 2014-07-19 21:30 - 00033699 _____ () C:\Users\Florian_2\Downloads\Addition.txt 2014-07-19 21:28 - 2014-07-19 21:28 - 02089984 _____ (Farbar) C:\Users\Florian_2\Downloads\FRST64.exe 2014-07-19 21:17 - 2014-04-13 15:37 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-19 21:06 - 2014-06-14 05:44 - 00000000 ____D () C:\Users\Florian_2 2014-07-19 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-19 20:48 - 2014-06-14 06:06 - 01811648 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-19 20:41 - 2014-04-23 22:25 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-19 20:25 - 2014-03-18 12:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-19 20:25 - 2014-03-18 11:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-19 20:25 - 2014-03-18 11:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-19 20:23 - 2014-04-23 22:25 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-19 20:22 - 2014-06-14 17:52 - 00000000 ___RD () C:\Users\Florian_2\OneDrive 2014-07-19 20:21 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-19 20:20 - 2014-03-18 03:50 - 00165864 _____ () C:\WINDOWS\PFRO.log 2014-07-19 20:19 - 2014-07-19 20:17 - 00000000 ____D () C:\AdwCleaner 2014-07-19 20:17 - 2014-07-19 20:16 - 01354223 _____ () C:\Users\Florian\Downloads\adwcleaner_3.216.exe 2014-07-19 20:15 - 2014-07-19 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2014-07-19 20:15 - 2014-07-19 20:06 - 00000000 ____D () C:\ProgramData\YTD Video Downloader 2014-07-19 20:04 - 2014-07-19 20:02 - 11227432 _____ () C:\Users\Florian_2\Downloads\YTDSetup481.exe 2014-07-19 19:47 - 2014-07-19 19:47 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 
00001325 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00000000 ____D () C:\WINDOWS\de 2014-07-19 19:45 - 2014-07-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-07-19 19:45 - 2014-07-19 19:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-07-19 19:44 - 2014-07-19 19:44 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-07-19 19:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-19 19:43 - 2014-04-23 12:39 - 00368732 _____ () C:\WINDOWS\DirectX.log 2014-07-19 19:41 - 2014-07-19 19:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\Windows Live 2014-07-19 19:38 - 2014-07-19 19:38 - 01245384 _____ (Microsoft Corporation) C:\Users\Florian_2\Downloads\wlsetup-web.exe 2014-07-19 19:35 - 2014-04-13 15:57 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\Atheros 2014-07-19 14:41 - 2014-07-19 14:41 - 01337326 _____ () C:\Users\Florian_2\Downloads\2291019_6112566.mov 2014-07-19 14:40 - 2014-06-16 14:36 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\Synthesia 2014-07-19 14:40 - 2014-06-09 01:02 - 00001024 _____ () C:\Users\Florian_2\Desktop\Sandboxed Web Browser.lnk 2014-07-19 14:32 - 2014-04-22 22:22 - 00000000 ____D () C:\Users\Florian_2\Documents\Bluetooth Folder 2014-07-19 12:36 - 2014-07-19 12:36 - 00000000 ____D () C:\Users\Florian_2\Desktop\Synthesia Musik 2014-07-19 12:36 - 2014-05-25 17:00 - 00000000 ____D () C:\Users\Florian_2\AppData\Local\Adobe 2014-07-19 12:32 - 2014-04-24 19:09 - 00002271 _____ () C:\Users\Florian_2\Desktop\Google Chrome.lnk 2014-07-18 22:30 - 2014-07-18 22:30 - 00020355 _____ () C:\Users\Florian_2\Desktop\zsnesw.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00016384 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.srm 2014-07-18 22:30 - 2014-07-18 22:30 - 00008952 _____ () C:\Users\Florian_2\Desktop\zfont.txt 2014-07-18 22:30 - 2014-07-18 22:30 - 00003806 _____ 
() C:\Users\Florian_2\Desktop\zinput.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00002480 _____ () C:\Users\Florian_2\Desktop\zmovie.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00000254 _____ () C:\Users\Florian_2\Desktop\rominfo.txt 2014-07-18 21:44 - 2014-04-24 19:21 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\.minecraft 2014-07-18 20:41 - 2014-06-14 05:44 - 00000000 ____D () C:\Users\Florian 2014-07-18 16:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-07-18 16:22 - 2014-05-16 18:45 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-18 16:22 - 2014-04-18 16:18 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-18 16:22 - 2014-04-18 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-18 16:22 - 2014-04-18 16:18 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-18 16:08 - 2014-07-18 16:06 - 01990061 _____ () C:\Users\Florian_2\Downloads\riivolution.zip 2014-07-18 16:04 - 2014-07-18 16:04 - 00000000 ____D () C:\Users\Florian_2\Desktop\Newer Summer Sun 2014-07-18 16:02 - 2014-07-18 16:02 - 00000000 ____D () C:\Users\Florian_2\Desktop\riivolution 2014-07-18 15:59 - 2014-07-18 15:59 - 01990061 _____ () C:\Users\Florian_2\Desktop\riivolution.zip 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\private 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\NewerSMBW 2014-07-18 15:57 - 2014-07-18 15:56 - 00000000 ____D () C:\Users\Florian_2\Desktop\Wichtig NSMBW 2014-07-18 15:56 - 2013-08-22 16:46 - 00326139 _____ () C:\WINDOWS\setupact.log 2014-07-18 15:52 - 2014-07-18 15:50 - 00001120 _____ () C:\Users\Florian_2\Desktop\Achtung!.lnk 2014-07-18 15:52 - 2014-06-06 19:35 - 00000000 ____D () C:\Users\Florian_2\Desktop\SNES 2014-07-15 02:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-14 20:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-07-12 20:12 - 2014-06-09 01:02 - 
00001508 _____ () C:\WINDOWS\Sandboxie.ini 2014-07-12 10:52 - 2014-04-13 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-12 10:52 - 2013-08-22 16:44 - 05168320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-12 10:33 - 2014-04-14 17:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-12 10:33 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-12 10:31 - 2014-04-14 17:20 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-12 10:30 - 2014-03-18 11:40 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-12 10:19 - 2014-07-12 10:16 - 39187528 _____ () C:\Users\Florian_2\Downloads\Another_Super_Mario_Brothers_Wii_2.0.zip 2014-07-12 10:15 - 2014-07-12 10:11 - 16219834 _____ () C:\Users\Florian_2\Downloads\Newer_Super_Mario_Bros._Wii_HS.zip 2014-07-12 09:47 - 2014-07-12 09:36 - 120478786 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.zip 2014-07-08 19:41 - 2014-07-08 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-08 15:06 - 2014-07-08 15:06 - 00000000 ____D () C:\Users\Florian_2\Desktop\Kaizo Mario World 2014-07-07 12:24 - 2014-04-23 20:11 - 00000000 ____D () C:\Users\Florian_2\AppData\Local\CrashDumps 2014-07-04 19:23 - 2014-06-09 03:01 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\vlc 2014-07-03 21:04 - 2013-05-27 14:55 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-06-30 17:33 - 2014-06-27 23:57 - 00000000 ____D () C:\Users\Florian\Documents\Bandicam 2014-06-28 00:41 - 2014-04-24 11:08 - 00000000 
____D () C:\Users\Florian\AppData\Local\CrashDumps 2014-06-28 00:26 - 2014-06-28 00:26 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicut.lnk 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\BANDISOFT 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Program Files (x86)\Bandicut 2014-06-28 00:26 - 2014-06-28 00:25 - 09742656 _____ (Bandisoft) C:\Users\Florian\Downloads\bandicut-setup.exe 2014-06-28 00:26 - 2014-06-27 23:57 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\BANDISOFT 2014-06-28 00:10 - 2014-06-14 05:52 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-28 00:05 - 2014-06-28 00:05 - 02867878 _____ () C:\Users\Florian\Downloads\bandicam 2014-06-28 00-05-13-692.avi 2014-06-28 00:04 - 2014-06-28 00:04 - 00002882 _____ () C:\Users\Florian_2\Downloads\Detective Conan Movie 18 Piano [Right Hand].mid 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian_2\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\Bandicam 2014-06-27 23:54 - 2014-06-27 23:53 - 09310216 _____ (Bandisoft) C:\Users\Florian_2\Downloads\bdcamsetup_2.0.1.651.exe 2014-06-27 23:31 - 2014-06-06 19:37 - 00000000 ____D () C:\Users\Florian_2\Desktop\GAMEBOY 2014-06-27 22:43 - 2014-06-27 22:43 - 00000000 ____D () C:\WINDOWS\Minidump 2014-06-27 22:42 - 2014-06-27 22:42 - 543938396 _____ () C:\WINDOWS\MEMORY.DMP 2014-06-26 22:55 - 2013-08-22 17:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:55 - 
2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-26 21:14 - 2014-06-26 21:14 - 00002842 _____ () C:\Users\Florian_2\Desktop\Fail.mid 2014-06-24 15:31 - 2014-06-24 15:29 - 00000000 ____D () C:\Users\Florian_2\Downloads\RouterReconnect_1.3 2014-06-24 15:28 - 2014-06-24 15:28 - 00157234 _____ () C:\Users\Florian_2\Downloads\RouterReconnect_1.3.zip 2014-06-24 15:04 - 2014-04-18 16:31 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2014-06-19 03:39 - 2014-07-12 10:21 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-19 02:48 - 2014-07-12 10:21 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-19 02:16 - 2014-07-12 10:21 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-19 02:09 - 2014-07-12 10:21 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-19 01:51 - 2014-07-12 10:21 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-12 10:21 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-12 10:21 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-19 01:46 - 2014-07-12 10:21 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-06-19 01:39 - 2014-07-12 10:21 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-19 01:33 - 2014-07-12 10:21 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-12 10:21 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-19 01:27 - 2014-07-12 10:21 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-19 01:12 - 2014-07-12 10:21 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-19 00:59 - 2014-07-12 10:21 - 
00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-12 10:21 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-19 00:58 - 2014-07-12 10:21 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-19 00:57 - 2014-07-12 10:21 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-06-19 00:52 - 2014-07-12 10:21 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-12 10:21 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-12 10:21 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-19 00:45 - 2014-07-12 10:21 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-12 10:21 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-12 10:21 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-12 10:21 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-12 10:21 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-12 10:21 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-12 10:21 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll Some content of TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\avgnt.exe C:\Users\Florian\AppData\Local\Temp\BackupSetup.exe C:\Users\Florian\AppData\Local\Temp\bdfilters.dll C:\Users\Florian\AppData\Local\Temp\Quarantine.exe C:\Users\Florian_2\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is 
digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Edited by Virenzumir (19.07.2014 at 21:34) |
20.07.2014, 16:21 | #4 |
/// the machine /// TB trainer | Viruses/adware/PUP after download Our tools always need admin rights. Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
Please download Farbar Service Scanner.
Please post the contents here, and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
20.07.2014, 17:02 | #5 |
| Viruses/adware/PUP after download I already have ADW Cleaner installed. Should I download it again? I already ran ADW Cleaner yesterday. Today's log file: Code:
ATTFilter
# AdwCleaner v3.216 - Bericht erstellt am 20/07/2014 um 17:33:40
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Florian - FLORIANS-PC
# Gestartet von : C:\Users\Florian\Desktop\adwcleaner_3.216 (1).exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\8438jsrh.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\1swe5zhw.default\prefs.js ]
[ Datei : C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\8438jsrh.default\prefs.js ]

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\Florian_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3748 octets] - [19/07/2014 20:17:19]
AdwCleaner[R1].txt - [1355 octets] - [20/07/2014 17:32:21]
AdwCleaner[S0].txt - [3691 octets] - [19/07/2014 20:19:18]
AdwCleaner[S1].txt - [1276 octets] - [20/07/2014 17:33:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1336 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Florian on 20.07.2014 at 17:49:26,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.07.2014 at 17:57:46,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
20.07.2014, 18:39 | #6 |
| Viruses/adware/PUP after download I turned Avira back on and this time clicked "Run anyway". Here is the 3rd log: Code:
ATTFilter
Farbar Service Scanner Version: 18-07-2014
Ran by Florian (administrator) on 20-07-2014 at 18:59:39
Running from "C:\Users\Florian\Downloads"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014 Ran by Florian (administrator) on FLORIANS-PC on 20-07-2014 19:38:12 Running from C:\Users\Florian\Desktop Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-05-22] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Atheros Communications)) HKU\S-1-5-21-1159793628-760075510-2819493360-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-1159793628-760075510-2819493360-1001\...\Run: [Browser Extensions] => "C:\Users\Florian\AppData\Roaming\Browser Extensions\CouponsHelper.exe" ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = https://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {6BCFFDA8-F077-4580-9F00-94C973E658A1} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} SearchScopes: HKCU - {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\1swe5zhw.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! 
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\1swe5zhw.default\searchplugins\yahoo_ff.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-05-27] Chrome: ======= CHR HomePage: CHR Extension: (Google Docs) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-27] CHR Extension: (Google Drive) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-27] CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-27] CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-27] CHR Extension: (SiteAdvisor) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-06-06] CHR Extension: (Google Wallet) - C:\Users\Florian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-27] CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-27] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-26] (McAfee, Inc.) 
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-14] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation) R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-12-01] (Qualcomm Atheros, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. 
KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-20 19:38 - 2014-07-20 19:38 - 00017826 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-07-20 19:37 - 2014-07-20 19:37 - 02089984 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2014-07-20 18:59 - 2014-07-20 18:59 - 00002923 _____ () C:\Users\Florian\Downloads\FSS.txt 2014-07-20 18:00 - 2014-07-20 18:00 - 00415232 _____ (Farbar) C:\Users\Florian\Downloads\FSS.exe 2014-07-20 17:57 - 2014-07-20 17:57 - 00000988 _____ () C:\Users\Florian\Desktop\JRT.txt 2014-07-20 17:49 - 2014-07-20 17:49 - 01016261 _____ (Thisisu) C:\Users\Florian\Downloads\JRT.exe 2014-07-20 17:49 - 2014-07-20 17:49 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-07-20 17:31 - 2014-07-20 17:31 - 01354223 _____ () C:\Users\Florian\Desktop\adwcleaner_3.216 (1).exe 2014-07-20 14:10 - 2014-07-20 14:10 - 04598217 _____ () C:\Users\Florian_2\Desktop\Intro1.mp4 2014-07-20 13:52 - 2014-07-20 13:54 - 00332398 _____ () C:\Users\Florian_2\Desktop\videoplayback (37).mp4 2014-07-20 01:15 - 2014-07-20 01:15 - 00000000 __SHD () C:\Users\Florian_2\AppData\Local\EmieUserList 2014-07-20 01:15 - 2014-07-20 01:15 - 00000000 __SHD () C:\Users\Florian_2\AppData\Local\EmieSiteList 2014-07-20 01:14 - 
2014-07-20 01:14 - 00018273 _____ () C:\Users\Florian_2\Downloads\FRAGE.htm 2014-07-20 01:13 - 2014-07-20 01:13 - 00008470 _____ () C:\Users\Florian_2\Documents\Mein Film.wlmp 2014-07-19 21:30 - 2014-07-19 21:34 - 00033699 _____ () C:\Users\Florian_2\Downloads\Addition.txt 2014-07-19 21:29 - 2014-07-20 19:38 - 00000000 ____D () C:\FRST 2014-07-19 21:29 - 2014-07-19 21:34 - 00046209 _____ () C:\Users\Florian_2\Downloads\FRST.txt 2014-07-19 21:28 - 2014-07-19 21:28 - 02089984 _____ (Farbar) C:\Users\Florian_2\Desktop\FRST64.exe 2014-07-19 20:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-19 20:17 - 2014-07-20 17:34 - 00000000 ____D () C:\AdwCleaner 2014-07-19 20:16 - 2014-07-19 20:17 - 01354223 _____ () C:\Users\Florian\Downloads\adwcleaner_3.216.exe 2014-07-19 20:02 - 2014-07-19 20:04 - 11227432 _____ () C:\Users\Florian_2\Downloads\YTDSetup481.exe 2014-07-19 19:47 - 2014-07-19 19:47 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00001325 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00000000 ____D () C:\WINDOWS\de 2014-07-19 19:45 - 2014-07-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-07-19 19:44 - 2014-07-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-07-19 19:44 - 2014-07-19 19:44 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-07-19 19:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2014-07-19 19:43 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2014-07-19 19:43 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2014-07-19 19:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2014-07-19 19:43 - 2010-05-26 
11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-07-19 19:43 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-07-19 19:43 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2014-07-19 19:43 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2014-07-19 19:41 - 2014-07-19 19:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\Windows Live 2014-07-19 19:38 - 2014-07-19 19:38 - 01245384 _____ (Microsoft Corporation) C:\Users\Florian_2\Downloads\wlsetup-web.exe 2014-07-19 14:41 - 2014-07-19 14:41 - 01337326 _____ () C:\Users\Florian_2\Downloads\2291019_6112566.mov 2014-07-19 12:36 - 2014-07-19 12:36 - 00000000 ____D () C:\Users\Florian_2\Desktop\Synthesia Musik 2014-07-18 22:30 - 2014-07-18 22:30 - 00020355 _____ () C:\Users\Florian_2\Desktop\zsnesw.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00016384 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.srm 2014-07-18 22:30 - 2014-07-18 22:30 - 00008952 _____ () C:\Users\Florian_2\Desktop\zfont.txt 2014-07-18 22:30 - 2014-07-18 22:30 - 00003806 _____ () C:\Users\Florian_2\Desktop\zinput.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00002480 _____ () C:\Users\Florian_2\Desktop\zmovie.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00000254 _____ () C:\Users\Florian_2\Desktop\rominfo.txt 2014-07-18 16:06 - 2014-07-18 16:08 - 01990061 _____ () C:\Users\Florian_2\Downloads\riivolution.zip 2014-07-18 16:04 - 2014-07-18 16:04 - 00000000 ____D () C:\Users\Florian_2\Desktop\Newer Summer Sun 2014-07-18 16:02 - 2014-07-18 16:02 - 00000000 ____D () C:\Users\Florian_2\Desktop\riivolution 2014-07-18 15:59 - 2014-07-18 15:59 - 01990061 _____ () C:\Users\Florian_2\Desktop\riivolution.zip 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\private 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\NewerSMBW 
2014-07-18 15:56 - 2014-07-18 15:57 - 00000000 ____D () C:\Users\Florian_2\Desktop\Wichtig NSMBW 2014-07-18 15:50 - 2014-07-18 15:52 - 00001120 _____ () C:\Users\Florian_2\Desktop\Achtung!.lnk 2014-07-12 10:30 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-12 10:21 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-12 10:21 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-12 10:21 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-12 10:21 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-12 10:21 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-12 10:21 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-12 10:21 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-12 10:21 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-12 10:21 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-12 10:21 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-12 10:21 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-12 10:21 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-12 10:21 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-12 10:21 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-12 10:21 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-12 10:21 - 2014-06-19 00:58 - 00239616 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-12 10:21 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-12 10:21 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-12 10:21 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-12 10:21 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-12 10:21 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-12 10:21 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-12 10:21 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-12 10:21 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-12 10:21 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-12 10:21 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-12 10:21 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-12 10:21 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-12 10:20 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-12 10:20 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-12 10:20 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-12 10:20 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-12 10:20 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-12 10:20 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\twinui.dll 2014-07-12 10:20 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-07-12 10:20 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-12 10:20 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-12 10:20 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-12 10:20 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-12 10:20 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-12 10:20 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-12 10:20 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-12 10:20 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-12 10:20 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-12 10:20 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-12 10:20 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-12 10:20 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-12 10:20 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-12 10:20 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-12 10:20 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-12 10:20 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-12 
10:20 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-12 10:18 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-12 10:18 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-12 10:16 - 2014-07-12 10:19 - 39187528 _____ () C:\Users\Florian_2\Downloads\Another_Super_Mario_Brothers_Wii_2.0.zip 2014-07-12 10:11 - 2014-07-12 10:15 - 16219834 _____ () C:\Users\Florian_2\Downloads\Newer_Super_Mario_Bros._Wii_HS.zip 2014-07-12 09:36 - 2014-07-12 09:47 - 120478786 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.zip 2014-07-08 19:41 - 2014-07-08 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-08 15:06 - 2014-07-08 15:06 - 00000000 ____D () C:\Users\Florian_2\Desktop\Kaizo Mario World 2014-06-28 00:26 - 2014-06-28 00:26 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicut.lnk 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\BANDISOFT 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Program Files (x86)\Bandicut 2014-06-28 00:25 - 2014-06-28 00:26 - 09742656 _____ (Bandisoft) C:\Users\Florian\Downloads\bandicut-setup.exe 2014-06-28 00:05 - 2014-06-28 00:05 - 02867878 _____ () C:\Users\Florian\Downloads\bandicam 2014-06-28 00-05-13-692.avi 2014-06-28 00:04 - 2014-06-28 00:04 - 00002882 _____ () C:\Users\Florian_2\Downloads\Detective Conan Movie 18 Piano [Right Hand].mid 2014-06-27 23:57 - 2014-06-30 17:33 - 00000000 ____D () C:\Users\Florian\Documents\Bandicam 2014-06-27 23:57 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\BANDISOFT 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian_2\Desktop\Bandicam.lnk 2014-06-27 23:57 - 
2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\Bandicam 2014-06-27 23:53 - 2014-06-27 23:54 - 09310216 _____ (Bandisoft) C:\Users\Florian_2\Downloads\bdcamsetup_2.0.1.651.exe 2014-06-27 22:43 - 2014-06-27 22:43 - 00676896 _____ () C:\WINDOWS\Minidump\062714-38843-01.dmp 2014-06-27 22:43 - 2014-06-27 22:43 - 00000000 ____D () C:\WINDOWS\Minidump 2014-06-27 22:42 - 2014-06-27 22:42 - 543938396 _____ () C:\WINDOWS\MEMORY.DMP 2014-06-26 21:14 - 2014-06-26 21:14 - 00002842 _____ () C:\Users\Florian_2\Desktop\Fail.mid 2014-06-24 15:29 - 2014-06-24 15:31 - 00000000 ____D () C:\Users\Florian_2\Downloads\RouterReconnect_1.3 2014-06-24 15:28 - 2014-06-24 15:28 - 00157234 _____ () C:\Users\Florian_2\Downloads\RouterReconnect_1.3.zip ==================== One Month Modified Files and Folders ======= 2014-07-20 19:38 - 2014-07-20 19:38 - 00017826 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-07-20 19:38 - 2014-07-19 21:29 - 00000000 ____D () C:\FRST 2014-07-20 19:37 - 2014-07-20 19:37 - 02089984 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2014-07-20 19:17 - 2014-04-13 15:37 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-20 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-20 18:59 - 2014-07-20 18:59 - 00002923 _____ () C:\Users\Florian\Downloads\FSS.txt 2014-07-20 18:41 - 2014-04-23 22:25 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-20 18:12 - 2014-06-14 06:06 - 01893961 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-20 18:10 - 2014-04-13 15:17 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1159793628-760075510-2819493360-1001 2014-07-20 18:00 - 2014-07-20 18:00 - 00415232 _____ (Farbar) C:\Users\Florian\Downloads\FSS.exe 2014-07-20 17:57 - 2014-07-20 
17:57 - 00000988 _____ () C:\Users\Florian\Desktop\JRT.txt 2014-07-20 17:49 - 2014-07-20 17:49 - 01016261 _____ (Thisisu) C:\Users\Florian\Downloads\JRT.exe 2014-07-20 17:49 - 2014-07-20 17:49 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-07-20 17:47 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-07-20 17:41 - 2014-03-18 12:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-20 17:41 - 2014-03-18 11:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-20 17:41 - 2014-03-18 11:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-20 17:38 - 2014-06-14 06:15 - 00000000 __RDO () C:\Users\Florian\OneDrive 2014-07-20 17:36 - 2014-04-23 22:25 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-20 17:35 - 2014-03-18 03:50 - 00166174 _____ () C:\WINDOWS\PFRO.log 2014-07-20 17:35 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-20 17:34 - 2014-07-19 20:17 - 00000000 ____D () C:\AdwCleaner 2014-07-20 17:34 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-20 17:31 - 2014-07-20 17:31 - 01354223 _____ () C:\Users\Florian\Desktop\adwcleaner_3.216 (1).exe 2014-07-20 17:26 - 2014-04-27 12:41 - 00000000 ____D () C:\Users\Florian\Documents\Bluetooth Folder 2014-07-20 17:25 - 2014-06-14 05:44 - 00000000 ____D () C:\Users\Florian 2014-07-20 17:25 - 2014-04-27 12:38 - 00002271 _____ () C:\Users\Florian\Desktop\Google Chrome.lnk 2014-07-20 14:10 - 2014-07-20 14:10 - 04598217 _____ () C:\Users\Florian_2\Desktop\Intro1.mp4 2014-07-20 13:54 - 2014-07-20 13:52 - 00332398 _____ () C:\Users\Florian_2\Desktop\videoplayback (37).mp4 2014-07-20 10:34 - 2014-04-14 12:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1159793628-760075510-2819493360-1004 2014-07-20 10:08 - 2014-05-25 17:00 - 00000000 ____D () C:\Users\Florian_2\AppData\Local\Adobe 2014-07-20 10:05 - 2014-06-14 17:52 - 00000000 ___RD () 
C:\Users\Florian_2\OneDrive 2014-07-20 10:05 - 2014-04-13 15:57 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\Atheros 2014-07-20 01:15 - 2014-07-20 01:15 - 00000000 __SHD () C:\Users\Florian_2\AppData\Local\EmieUserList 2014-07-20 01:15 - 2014-07-20 01:15 - 00000000 __SHD () C:\Users\Florian_2\AppData\Local\EmieSiteList 2014-07-20 01:14 - 2014-07-20 01:14 - 00018273 _____ () C:\Users\Florian_2\Downloads\FRAGE.htm 2014-07-20 01:13 - 2014-07-20 01:13 - 00008470 _____ () C:\Users\Florian_2\Documents\Mein Film.wlmp 2014-07-20 01:10 - 2014-04-22 22:22 - 00000000 ____D () C:\Users\Florian_2\Documents\Bluetooth Folder 2014-07-19 21:34 - 2014-07-19 21:30 - 00033699 _____ () C:\Users\Florian_2\Downloads\Addition.txt 2014-07-19 21:34 - 2014-07-19 21:29 - 00046209 _____ () C:\Users\Florian_2\Downloads\FRST.txt 2014-07-19 21:28 - 2014-07-19 21:28 - 02089984 _____ (Farbar) C:\Users\Florian_2\Desktop\FRST64.exe 2014-07-19 21:06 - 2014-06-14 05:44 - 00000000 ____D () C:\Users\Florian_2 2014-07-19 20:17 - 2014-07-19 20:16 - 01354223 _____ () C:\Users\Florian\Downloads\adwcleaner_3.216.exe 2014-07-19 20:04 - 2014-07-19 20:02 - 11227432 _____ () C:\Users\Florian_2\Downloads\YTDSetup481.exe 2014-07-19 19:47 - 2014-07-19 19:47 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00001325 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00000000 ____D () C:\WINDOWS\de 2014-07-19 19:45 - 2014-07-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-07-19 19:45 - 2014-07-19 19:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-07-19 19:44 - 2014-07-19 19:44 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-07-19 19:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-19 19:43 - 2014-04-23 12:39 - 00368732 _____ () C:\WINDOWS\DirectX.log 2014-07-19 
19:41 - 2014-07-19 19:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\Windows Live 2014-07-19 19:38 - 2014-07-19 19:38 - 01245384 _____ (Microsoft Corporation) C:\Users\Florian_2\Downloads\wlsetup-web.exe 2014-07-19 14:41 - 2014-07-19 14:41 - 01337326 _____ () C:\Users\Florian_2\Downloads\2291019_6112566.mov 2014-07-19 14:40 - 2014-06-16 14:36 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\Synthesia 2014-07-19 14:40 - 2014-06-09 01:02 - 00001024 _____ () C:\Users\Florian_2\Desktop\Sandboxed Web Browser.lnk 2014-07-19 12:36 - 2014-07-19 12:36 - 00000000 ____D () C:\Users\Florian_2\Desktop\Synthesia Musik 2014-07-19 12:32 - 2014-04-24 19:09 - 00002271 _____ () C:\Users\Florian_2\Desktop\Google Chrome.lnk 2014-07-18 22:30 - 2014-07-18 22:30 - 00020355 _____ () C:\Users\Florian_2\Desktop\zsnesw.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00016384 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.srm 2014-07-18 22:30 - 2014-07-18 22:30 - 00008952 _____ () C:\Users\Florian_2\Desktop\zfont.txt 2014-07-18 22:30 - 2014-07-18 22:30 - 00003806 _____ () C:\Users\Florian_2\Desktop\zinput.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00002480 _____ () C:\Users\Florian_2\Desktop\zmovie.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00000254 _____ () C:\Users\Florian_2\Desktop\rominfo.txt 2014-07-18 21:44 - 2014-04-24 19:21 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\.minecraft 2014-07-18 16:22 - 2014-05-16 18:45 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-18 16:22 - 2014-04-18 16:18 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-18 16:22 - 2014-04-18 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-18 16:22 - 2014-04-18 16:18 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-18 16:08 - 2014-07-18 16:06 - 01990061 _____ () C:\Users\Florian_2\Downloads\riivolution.zip 2014-07-18 16:04 - 2014-07-18 16:04 - 00000000 ____D () C:\Users\Florian_2\Desktop\Newer Summer Sun 2014-07-18 16:02 - 
2014-07-18 16:02 - 00000000 ____D () C:\Users\Florian_2\Desktop\riivolution 2014-07-18 15:59 - 2014-07-18 15:59 - 01990061 _____ () C:\Users\Florian_2\Desktop\riivolution.zip 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\private 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\NewerSMBW 2014-07-18 15:57 - 2014-07-18 15:56 - 00000000 ____D () C:\Users\Florian_2\Desktop\Wichtig NSMBW 2014-07-18 15:56 - 2013-08-22 16:46 - 00326139 _____ () C:\WINDOWS\setupact.log 2014-07-18 15:52 - 2014-07-18 15:50 - 00001120 _____ () C:\Users\Florian_2\Desktop\Achtung!.lnk 2014-07-18 15:52 - 2014-06-06 19:35 - 00000000 ____D () C:\Users\Florian_2\Desktop\SNES 2014-07-15 02:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-14 20:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-07-12 20:12 - 2014-06-09 01:02 - 00001508 _____ () C:\WINDOWS\Sandboxie.ini 2014-07-12 10:52 - 2014-04-13 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-12 10:52 - 2013-08-22 16:44 - 05168320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-12 10:33 - 2014-04-14 17:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-12 10:33 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-12 10:31 - 2014-04-14 17:20 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-12 10:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-12 10:30 - 2014-03-18 11:40 - 00000000 ____D () 
C:\Program Files\Windows Journal 2014-07-12 10:19 - 2014-07-12 10:16 - 39187528 _____ () C:\Users\Florian_2\Downloads\Another_Super_Mario_Brothers_Wii_2.0.zip 2014-07-12 10:15 - 2014-07-12 10:11 - 16219834 _____ () C:\Users\Florian_2\Downloads\Newer_Super_Mario_Bros._Wii_HS.zip 2014-07-12 09:47 - 2014-07-12 09:36 - 120478786 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.zip 2014-07-08 20:18 - 2014-04-13 15:37 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-07-08 19:41 - 2014-07-08 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-08 15:06 - 2014-07-08 15:06 - 00000000 ____D () C:\Users\Florian_2\Desktop\Kaizo Mario World 2014-07-07 12:24 - 2014-04-23 20:11 - 00000000 ____D () C:\Users\Florian_2\AppData\Local\CrashDumps 2014-07-04 19:23 - 2014-06-09 03:01 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\vlc 2014-07-03 21:04 - 2013-05-27 14:55 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-06-30 17:33 - 2014-06-27 23:57 - 00000000 ____D () C:\Users\Florian\Documents\Bandicam 2014-06-28 00:41 - 2014-04-24 11:08 - 00000000 ____D () C:\Users\Florian\AppData\Local\CrashDumps 2014-06-28 00:26 - 2014-06-28 00:26 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicut.lnk 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\BANDISOFT 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Program Files (x86)\Bandicut 2014-06-28 00:26 - 2014-06-28 00:25 - 09742656 _____ (Bandisoft) C:\Users\Florian\Downloads\bandicut-setup.exe 2014-06-28 00:26 - 2014-06-27 23:57 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\BANDISOFT 2014-06-28 00:10 - 2014-06-14 05:52 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-28 00:05 - 
2014-06-28 00:05 - 02867878 _____ () C:\Users\Florian\Downloads\bandicam 2014-06-28 00-05-13-692.avi 2014-06-28 00:04 - 2014-06-28 00:04 - 00002882 _____ () C:\Users\Florian_2\Downloads\Detective Conan Movie 18 Piano [Right Hand].mid 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian_2\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\Bandicam 2014-06-27 23:54 - 2014-06-27 23:53 - 09310216 _____ (Bandisoft) C:\Users\Florian_2\Downloads\bdcamsetup_2.0.1.651.exe 2014-06-27 23:36 - 2014-04-23 22:25 - 00004108 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-27 23:36 - 2014-04-23 22:25 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-27 23:31 - 2014-06-06 19:37 - 00000000 ____D () C:\Users\Florian_2\Desktop\GAMEBOY 2014-06-27 22:43 - 2014-06-27 22:43 - 00676896 _____ () C:\WINDOWS\Minidump\062714-38843-01.dmp 2014-06-27 22:43 - 2014-06-27 22:43 - 00000000 ____D () C:\WINDOWS\Minidump 2014-06-27 22:42 - 2014-06-27 22:42 - 543938396 _____ () C:\WINDOWS\MEMORY.DMP 2014-06-26 22:55 - 2013-08-22 17:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:55 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-26 21:14 - 2014-06-26 21:14 - 00002842 _____ () C:\Users\Florian_2\Desktop\Fail.mid 2014-06-24 15:31 - 2014-06-24 15:29 - 00000000 ____D () C:\Users\Florian_2\Downloads\RouterReconnect_1.3 2014-06-24 15:28 - 2014-06-24 15:28 - 00157234 _____ () C:\Users\Florian_2\Downloads\RouterReconnect_1.3.zip 2014-06-24 15:04 - 2014-04-18 16:31 - 00117712 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\avgnt.exe C:\Users\Florian\AppData\Local\Temp\BackupSetup.exe C:\Users\Florian\AppData\Local\Temp\bdfilters.dll C:\Users\Florian\AppData\Local\Temp\Quarantine.exe C:\Users\Florian_2\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-20 18:10 ==================== End Of Log ============================ --- --- --- |
21.07.2014, 10:42 | #7 |
/// the machine /// TB trainer | Viruses/Adware/PUP after download
http://www.trojaner-board.de/126216-...epair-aio.html
Run that.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
21.07.2014, 20:47 | #8 |
| Viruses/Adware/PUP after download
Here is the first log file from Windows Repair:
Code:
System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack:
Computer Name: FLORIANS-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Florian
Current Profile SID: S-1-5-21-1159793628-760075510-2819493360-1001
Current Profile Classes: S-1-5-21-1159793628-760075510-2819493360-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Florian\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:41:17
Process Count: 70
Commit Total: 1,71 GB
Commit Limit: 14,94 GB
Commit Peak: 1,87 GB
Handle Count: 25111
Kernel Total: 515,15 MB
Kernel Paged: 395,69 MB
Kernel Non Paged: 119,46 MB
System Cache: 5,61 GB
Thread Count: 881
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7,44 GB
Memory Used: 1,59 GB(21,2974%)
Memory Avail.: 5,86 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7,44 GB
Memory Used: 1,18 GB(15,9143%)
Memory Avail.: 6,26 GB
--------------------------------------------------------------------------------

Starting Repairs...
Start (21.07.2014 18:04:38)

01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (21.07.2014 18:04:42)
Running Repair Under Current User Account
Done (21.07.2014 18:04:52)

01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (21.07.2014 18:04:52)
Running Repair Under System Account
Done (21.07.2014 18:08:28)

01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (21.07.2014 18:08:28)
Running Repair Under System Account
Done (21.07.2014 18:09:32)

03 - Register System Files
Start (21.07.2014 18:09:32)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:10:12)

04 - Repair WMI
Start (21.07.2014 18:10:12)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
Avira Desktop Exported.
Windows Defender Exported.
Exporting AntiSpyware Info...
Avira Desktop Exported.
Windows Defender Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (21.07.2014 18:19:43)

05 - Repair Windows Firewall
Start (21.07.2014 18:19:43)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:20:18)

06 - Repair Internet Explorer
Start (21.07.2014 18:20:19)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:21:33)

07 - Repair MDAC/MS Jet
Start (21.07.2014 18:21:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:22:26)

08 - Repair Hosts File
Start (21.07.2014 18:22:26)
Running Repair Under System Account
Done (21.07.2014 18:22:28)

09 - Remove Policies Set By Infections
Start (21.07.2014 18:22:28)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:22:33)

10 - Repair Start Menu Icons Removed By Infections
Start (21.07.2014 18:22:33)
Running Repair Under System Account
Done (21.07.2014 18:22:35)

11 - Repair Icons
Start (21.07.2014 18:22:36)
Running Repair Under Current User Account
Done (21.07.2014 18:22:38)

12 - Repair Winsock & DNS Cache
Start (21.07.2014 18:22:38)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:22:53)

14 - Repair Proxy Settings
Start (21.07.2014 18:22:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:22:58)

16 - Repair Windows Updates
Start (21.07.2014 18:22:58)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:23:19)

17 - Repair CD/DVD Missing/Not Working
Start (21.07.2014 18:23:19)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (21.07.2014 18:23:19)

18 - Repair Volume Shadow Copy Service
Start (21.07.2014 18:23:19)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:23:28)

20 - Repair MSI (Windows Installer)
Start (21.07.2014 18:23:28)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:23:41)

22.01 - Repair bat Association
Start (21.07.2014 18:23:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:23:46)

22.02 - Repair cmd Association
Start (21.07.2014 18:23:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:23:51)

22.03 - Repair com Association
Start (21.07.2014 18:23:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:23:56)

22.04 - Repair Directory Association
Start (21.07.2014 18:23:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:01)

22.05 - Repair Drive Association
Start (21.07.2014 18:24:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:06)

22.06 - Repair exe Association
Start (21.07.2014 18:24:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:10)

22.07 - Repair Folder Association
Start (21.07.2014 18:24:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:15)

22.08 - Repair inf Association
Start (21.07.2014 18:24:15)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:20)

22.09 - Repair lnk (Shortcuts) Association
Start (21.07.2014 18:24:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:25)

22.10 - Repair msc Association
Start (21.07.2014 18:24:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:30)

22.11 - Repair reg Association
Start (21.07.2014 18:24:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:34)

22.12 - Repair scr Association
Start (21.07.2014 18:24:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:39)

23 - Repair Windows Safe Mode
Start (21.07.2014 18:24:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:24:44)

24 - Repair Print Spooler
Start (21.07.2014 18:24:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:25:01)

25 - Restore Important Windows Services
Start (21.07.2014 18:25:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:25:31)

26 - Set Windows Services To Default Startup
Start (21.07.2014 18:25:31)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.07.2014 18:25:40)

27 - Repair Windows 8 App Store
Start (21.07.2014 18:25:40)
Running Repair Under System Account
Running Repair Under Current User Account
Done (21.07.2014 18:26:14)

28 - Repair Windows 8 Component Store
Start (21.07.2014 18:26:14)
Running Repair Under Current User Account
Done (21.07.2014 18:47:55)

29 - Restore Windows 8 COM+ Unmarshalers
Start (21.07.2014 18:47:55)
Running Repair Under System Account
Done (21.07.2014 18:47:57)

Cleaning up empty logs...

All Selected Repairs Done.
Done (21.07.2014 18:47:58)
Total Repair Time: 00:43:22

...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=789497b6128e0a47b90f474a2c0e05a2
# engine=19277
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-21 07:09:41
# local_time=2014-07-21 09:09:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 99567 12652117 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3250396 30851074 0 0
# scanned=199120
# found=1
# cleaned=0
# scan_time=6048
sh=91A80C205C65E37F27D0E608EF65B2BE523E18BD ft=1 fh=4fcdf0195d1e4a50 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Florian_2\Downloads\YTDSetup481.exe"

Code:
Results of screen317's Security Check version 0.99.85
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 14.0.0.145
Mozilla Firefox (30.0)
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014 Ran by Florian (administrator) on FLORIANS-PC on 21-07-2014 21:42:31 Running from C:\Users\Florian\Desktop Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe () C:\Users\Florian\Desktop\SecurityCheck.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-05-22] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Atheros Communications)) HKU\S-1-5-21-1159793628-760075510-2819493360-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-1159793628-760075510-2819493360-1001\...\Run: [Browser Extensions] => "C:\Users\Florian\AppData\Roaming\Browser Extensions\CouponsHelper.exe" ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = https://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {6BCFFDA8-F077-4580-9F00-94C973E658A1} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} SearchScopes: HKCU - {6C62BA6B-1E2D-407B-A140-C8F2A678ED49} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\1swe5zhw.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! 
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\1swe5zhw.default\searchplugins\yahoo_ff.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-05-27] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-27] CHR Extension: (Google Drive) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-27] CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-27] CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-27] CHR Extension: (SiteAdvisor) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-06-06] CHR Extension: (Google Wallet) - C:\Users\Florian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-27] CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-27] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-26] (McAfee, Inc.) 
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-14] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation) R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-12-01] (Qualcomm Atheros, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. 
KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-21 21:42 - 2014-07-21 21:42 - 00000000 ____D () C:\Users\Florian\Desktop\FRST-OlderVersion 2014-07-21 21:26 - 2014-07-21 21:27 - 00854390 _____ () C:\Users\Florian\Desktop\SecurityCheck.exe 2014-07-21 19:08 - 2014-07-21 19:08 - 02347384 _____ (ESET) C:\Users\Florian\Downloads\esetsmartinstaller_deu.exe 2014-07-21 18:04 - 2014-07-21 18:47 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE 2014-07-21 18:03 - 2014-07-21 18:03 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-FLORIANS-PC-Microsoft-Windows-8.1-(64-bit).dat 2014-07-21 18:02 - 2014-07-21 18:02 - 00000000 ____D () C:\RegBackup 2014-07-21 17:15 - 2014-07-21 17:15 - 00000000 ____D () C:\Users\Florian\Downloads\tweaking.com_windows_repair_aio 2014-07-21 17:14 - 2014-07-21 17:15 - 03434761 _____ () C:\Users\Florian\Downloads\tweaking.com_windows_repair_aio.zip 2014-07-20 19:38 - 2014-07-21 21:42 - 00017828 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-07-20 19:37 - 2014-07-21 21:42 - 02090496 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2014-07-20 18:59 - 2014-07-20 18:59 - 00002923 _____ () C:\Users\Florian\Downloads\FSS.txt 2014-07-20 18:00 - 2014-07-20 18:00 - 
00415232 _____ (Farbar) C:\Users\Florian\Downloads\FSS.exe 2014-07-20 17:57 - 2014-07-20 17:57 - 00000988 _____ () C:\Users\Florian\Desktop\JRT.txt 2014-07-20 17:49 - 2014-07-20 17:49 - 01016261 _____ (Thisisu) C:\Users\Florian\Downloads\JRT.exe 2014-07-20 17:49 - 2014-07-20 17:49 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-07-20 17:31 - 2014-07-20 17:31 - 01354223 _____ () C:\Users\Florian\Desktop\adwcleaner_3.216 (1).exe 2014-07-20 14:10 - 2014-07-20 14:10 - 04598217 _____ () C:\Users\Florian_2\Desktop\Intro1.mp4 2014-07-20 13:52 - 2014-07-20 13:54 - 00332398 _____ () C:\Users\Florian_2\Desktop\videoplayback (37).mp4 2014-07-20 01:15 - 2014-07-20 01:15 - 00000000 __SHD () C:\Users\Florian_2\AppData\Local\EmieUserList 2014-07-20 01:15 - 2014-07-20 01:15 - 00000000 __SHD () C:\Users\Florian_2\AppData\Local\EmieSiteList 2014-07-20 01:14 - 2014-07-20 01:14 - 00018273 _____ () C:\Users\Florian_2\Downloads\FRAGE.htm 2014-07-20 01:13 - 2014-07-20 01:13 - 00008470 _____ () C:\Users\Florian_2\Documents\Mein Film.wlmp 2014-07-19 21:30 - 2014-07-19 21:34 - 00033699 _____ () C:\Users\Florian_2\Downloads\Addition.txt 2014-07-19 21:29 - 2014-07-21 21:42 - 00000000 ____D () C:\FRST 2014-07-19 21:29 - 2014-07-19 21:34 - 00046209 _____ () C:\Users\Florian_2\Downloads\FRST.txt 2014-07-19 21:28 - 2014-07-19 21:28 - 02089984 _____ (Farbar) C:\Users\Florian_2\Desktop\FRST64.exe 2014-07-19 20:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-19 20:17 - 2014-07-20 17:34 - 00000000 ____D () C:\AdwCleaner 2014-07-19 20:16 - 2014-07-19 20:17 - 01354223 _____ () C:\Users\Florian\Downloads\adwcleaner_3.216.exe 2014-07-19 20:02 - 2014-07-19 20:04 - 11227432 _____ () C:\Users\Florian_2\Downloads\YTDSetup481.exe 2014-07-19 19:47 - 2014-07-19 19:47 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00001325 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Movie Maker.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00000000 ____D () C:\WINDOWS\de 2014-07-19 19:45 - 2014-07-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-07-19 19:44 - 2014-07-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-07-19 19:44 - 2014-07-19 19:44 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-07-19 19:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2014-07-19 19:43 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2014-07-19 19:43 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2014-07-19 19:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2014-07-19 19:43 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-07-19 19:43 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-07-19 19:43 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2014-07-19 19:43 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2014-07-19 19:41 - 2014-07-19 19:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\Windows Live 2014-07-19 19:38 - 2014-07-19 19:38 - 01245384 _____ (Microsoft Corporation) C:\Users\Florian_2\Downloads\wlsetup-web.exe 2014-07-19 14:41 - 2014-07-19 14:41 - 01337326 _____ () C:\Users\Florian_2\Downloads\2291019_6112566.mov 2014-07-19 12:36 - 2014-07-19 12:36 - 00000000 ____D () C:\Users\Florian_2\Desktop\Synthesia Musik 2014-07-18 22:30 - 2014-07-18 22:30 - 00020355 _____ () C:\Users\Florian_2\Desktop\zsnesw.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00016384 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.srm 2014-07-18 22:30 - 2014-07-18 22:30 - 00008952 _____ () C:\Users\Florian_2\Desktop\zfont.txt 
2014-07-18 22:30 - 2014-07-18 22:30 - 00003806 _____ () C:\Users\Florian_2\Desktop\zinput.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00002480 _____ () C:\Users\Florian_2\Desktop\zmovie.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00000254 _____ () C:\Users\Florian_2\Desktop\rominfo.txt 2014-07-18 16:06 - 2014-07-18 16:08 - 01990061 _____ () C:\Users\Florian_2\Downloads\riivolution.zip 2014-07-18 16:04 - 2014-07-18 16:04 - 00000000 ____D () C:\Users\Florian_2\Desktop\Newer Summer Sun 2014-07-18 16:02 - 2014-07-18 16:02 - 00000000 ____D () C:\Users\Florian_2\Desktop\riivolution 2014-07-18 15:59 - 2014-07-18 15:59 - 01990061 _____ () C:\Users\Florian_2\Desktop\riivolution.zip 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\private 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\NewerSMBW 2014-07-18 15:56 - 2014-07-18 15:57 - 00000000 ____D () C:\Users\Florian_2\Desktop\Wichtig NSMBW 2014-07-18 15:50 - 2014-07-18 15:52 - 00001120 _____ () C:\Users\Florian_2\Desktop\Achtung!.lnk 2014-07-12 10:30 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-12 10:21 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-12 10:21 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-12 10:21 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-12 10:21 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-12 10:21 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-12 10:21 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-12 10:21 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-12 10:21 - 2014-06-19 01:46 - 00250880 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-12 10:21 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-12 10:21 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-12 10:21 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-12 10:21 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-12 10:21 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-12 10:21 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-12 10:21 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-12 10:21 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-12 10:21 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-12 10:21 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-12 10:21 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-12 10:21 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-12 10:21 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-12 10:21 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-12 10:21 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-12 10:21 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-12 10:21 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-12 10:21 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-12 10:21 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-12 10:21 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-12 10:20 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-12 10:20 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-12 10:20 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-12 10:20 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-12 10:20 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-12 10:20 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-07-12 10:20 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-07-12 10:20 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-12 10:20 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-12 10:20 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-12 10:20 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-12 10:20 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-12 10:20 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-12 10:20 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-12 10:20 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-12 10:20 - 
2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-12 10:20 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-12 10:20 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-12 10:20 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-12 10:20 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-12 10:20 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-12 10:20 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-12 10:20 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-12 10:20 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-12 10:18 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-12 10:18 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-12 10:16 - 2014-07-12 10:19 - 39187528 _____ () C:\Users\Florian_2\Downloads\Another_Super_Mario_Brothers_Wii_2.0.zip 2014-07-12 10:11 - 2014-07-12 10:15 - 16219834 _____ () C:\Users\Florian_2\Downloads\Newer_Super_Mario_Bros._Wii_HS.zip 2014-07-12 09:36 - 2014-07-12 09:47 - 120478786 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.zip 2014-07-08 19:41 - 2014-07-08 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-08 15:06 - 2014-07-08 15:06 - 00000000 ____D () C:\Users\Florian_2\Desktop\Kaizo Mario World 2014-06-28 00:26 - 2014-06-28 00:26 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicut.lnk 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () 
C:\Users\Florian_2\AppData\Roaming\BANDISOFT 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Program Files (x86)\Bandicut 2014-06-28 00:25 - 2014-06-28 00:26 - 09742656 _____ (Bandisoft) C:\Users\Florian\Downloads\bandicut-setup.exe 2014-06-28 00:05 - 2014-06-28 00:05 - 02867878 _____ () C:\Users\Florian\Downloads\bandicam 2014-06-28 00-05-13-692.avi 2014-06-28 00:04 - 2014-06-28 00:04 - 00002882 _____ () C:\Users\Florian_2\Downloads\Detective Conan Movie 18 Piano [Right Hand].mid 2014-06-27 23:57 - 2014-06-30 17:33 - 00000000 ____D () C:\Users\Florian\Documents\Bandicam 2014-06-27 23:57 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\BANDISOFT 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian_2\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\Bandicam 2014-06-27 23:53 - 2014-06-27 23:54 - 09310216 _____ (Bandisoft) C:\Users\Florian_2\Downloads\bdcamsetup_2.0.1.651.exe 2014-06-27 22:43 - 2014-06-27 22:43 - 00676896 _____ () C:\WINDOWS\Minidump\062714-38843-01.dmp 2014-06-27 22:43 - 2014-06-27 22:43 - 00000000 ____D () C:\WINDOWS\Minidump 2014-06-27 22:42 - 2014-06-27 22:42 - 543938396 _____ () C:\WINDOWS\MEMORY.DMP 2014-06-26 21:14 - 2014-06-26 21:14 - 00002842 _____ () C:\Users\Florian_2\Desktop\Fail.mid 2014-06-24 15:29 - 2014-06-24 15:31 - 00000000 ____D () C:\Users\Florian_2\Downloads\RouterReconnect_1.3 2014-06-24 15:28 - 2014-06-24 15:28 - 00157234 _____ () C:\Users\Florian_2\Downloads\RouterReconnect_1.3.zip ==================== One Month Modified Files and Folders ======= 2014-07-21 21:43 - 2014-07-20 19:38 - 00017828 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-07-21 21:42 - 
2014-07-21 21:42 - 00000000 ____D () C:\Users\Florian\Desktop\FRST-OlderVersion 2014-07-21 21:42 - 2014-07-20 19:37 - 02090496 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2014-07-21 21:42 - 2014-07-19 21:29 - 00000000 ____D () C:\FRST 2014-07-21 21:41 - 2014-04-23 22:25 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-21 21:27 - 2014-07-21 21:26 - 00854390 _____ () C:\Users\Florian\Desktop\SecurityCheck.exe 2014-07-21 21:17 - 2014-04-13 15:37 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-21 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-21 19:16 - 2014-04-13 15:17 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1159793628-760075510-2819493360-1001 2014-07-21 19:08 - 2014-07-21 19:08 - 02347384 _____ (ESET) C:\Users\Florian\Downloads\esetsmartinstaller_deu.exe 2014-07-21 18:56 - 2014-03-18 12:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-21 18:56 - 2014-03-18 11:25 - 00751874 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-21 18:56 - 2014-03-18 11:25 - 00155350 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-21 18:54 - 2014-06-14 06:15 - 00000000 __RDO () C:\Users\Florian\OneDrive 2014-07-21 18:53 - 2014-04-23 22:25 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-21 18:49 - 2014-03-18 03:50 - 00166526 _____ () C:\WINDOWS\PFRO.log 2014-07-21 18:49 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-21 18:49 - 2013-08-22 16:44 - 05168320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-21 18:48 - 2014-06-14 06:06 - 01973808 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-21 18:48 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-21 18:47 - 2014-07-21 18:04 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE 2014-07-21 18:47 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-21 18:31 - 2013-08-22 17:36 - 00000000 
____D () C:\WINDOWS\AppReadiness 2014-07-21 18:21 - 2012-07-26 07:26 - 00000160 _____ () C:\WINDOWS\win.ini 2014-07-21 18:03 - 2014-07-21 18:03 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-FLORIANS-PC-Microsoft-Windows-8.1-(64-bit).dat 2014-07-21 18:02 - 2014-07-21 18:02 - 00000000 ____D () C:\RegBackup 2014-07-21 17:15 - 2014-07-21 17:15 - 00000000 ____D () C:\Users\Florian\Downloads\tweaking.com_windows_repair_aio 2014-07-21 17:15 - 2014-07-21 17:14 - 03434761 _____ () C:\Users\Florian\Downloads\tweaking.com_windows_repair_aio.zip 2014-07-21 17:13 - 2014-06-06 19:44 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Skype 2014-07-21 17:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-07-20 18:59 - 2014-07-20 18:59 - 00002923 _____ () C:\Users\Florian\Downloads\FSS.txt 2014-07-20 18:00 - 2014-07-20 18:00 - 00415232 _____ (Farbar) C:\Users\Florian\Downloads\FSS.exe 2014-07-20 17:57 - 2014-07-20 17:57 - 00000988 _____ () C:\Users\Florian\Desktop\JRT.txt 2014-07-20 17:49 - 2014-07-20 17:49 - 01016261 _____ (Thisisu) C:\Users\Florian\Downloads\JRT.exe 2014-07-20 17:49 - 2014-07-20 17:49 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-07-20 17:34 - 2014-07-19 20:17 - 00000000 ____D () C:\AdwCleaner 2014-07-20 17:31 - 2014-07-20 17:31 - 01354223 _____ () C:\Users\Florian\Desktop\adwcleaner_3.216 (1).exe 2014-07-20 17:26 - 2014-04-27 12:41 - 00000000 ____D () C:\Users\Florian\Documents\Bluetooth Folder 2014-07-20 17:25 - 2014-06-14 05:44 - 00000000 ____D () C:\Users\Florian 2014-07-20 17:25 - 2014-04-27 12:38 - 00002271 _____ () C:\Users\Florian\Desktop\Google Chrome.lnk 2014-07-20 14:10 - 2014-07-20 14:10 - 04598217 _____ () C:\Users\Florian_2\Desktop\Intro1.mp4 2014-07-20 13:54 - 2014-07-20 13:52 - 00332398 _____ () C:\Users\Florian_2\Desktop\videoplayback (37).mp4 2014-07-20 10:34 - 2014-04-14 12:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1159793628-760075510-2819493360-1004 2014-07-20 10:08 - 
2014-05-25 17:00 - 00000000 ____D () C:\Users\Florian_2\AppData\Local\Adobe 2014-07-20 10:05 - 2014-06-14 17:52 - 00000000 ___RD () C:\Users\Florian_2\OneDrive 2014-07-20 10:05 - 2014-04-13 15:57 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\Atheros 2014-07-20 01:15 - 2014-07-20 01:15 - 00000000 __SHD () C:\Users\Florian_2\AppData\Local\EmieUserList 2014-07-20 01:15 - 2014-07-20 01:15 - 00000000 __SHD () C:\Users\Florian_2\AppData\Local\EmieSiteList 2014-07-20 01:14 - 2014-07-20 01:14 - 00018273 _____ () C:\Users\Florian_2\Downloads\FRAGE.htm 2014-07-20 01:13 - 2014-07-20 01:13 - 00008470 _____ () C:\Users\Florian_2\Documents\Mein Film.wlmp 2014-07-20 01:10 - 2014-04-22 22:22 - 00000000 ____D () C:\Users\Florian_2\Documents\Bluetooth Folder 2014-07-19 21:34 - 2014-07-19 21:30 - 00033699 _____ () C:\Users\Florian_2\Downloads\Addition.txt 2014-07-19 21:34 - 2014-07-19 21:29 - 00046209 _____ () C:\Users\Florian_2\Downloads\FRST.txt 2014-07-19 21:28 - 2014-07-19 21:28 - 02089984 _____ (Farbar) C:\Users\Florian_2\Desktop\FRST64.exe 2014-07-19 21:06 - 2014-06-14 05:44 - 00000000 ____D () C:\Users\Florian_2 2014-07-19 20:17 - 2014-07-19 20:16 - 01354223 _____ () C:\Users\Florian\Downloads\adwcleaner_3.216.exe 2014-07-19 20:04 - 2014-07-19 20:02 - 11227432 _____ () C:\Users\Florian_2\Downloads\YTDSetup481.exe 2014-07-19 19:47 - 2014-07-19 19:47 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00001325 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-07-19 19:47 - 2014-07-19 19:47 - 00000000 ____D () C:\WINDOWS\de 2014-07-19 19:45 - 2014-07-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-07-19 19:45 - 2014-07-19 19:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-07-19 19:44 - 2014-07-19 19:44 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-07-19 19:44 - 2013-08-22 17:36 - 00000000 ____D () 
C:\Program Files\Common Files\microsoft shared 2014-07-19 19:43 - 2014-04-23 12:39 - 00368732 _____ () C:\WINDOWS\DirectX.log 2014-07-19 19:41 - 2014-07-19 19:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\Windows Live 2014-07-19 19:38 - 2014-07-19 19:38 - 01245384 _____ (Microsoft Corporation) C:\Users\Florian_2\Downloads\wlsetup-web.exe 2014-07-19 14:41 - 2014-07-19 14:41 - 01337326 _____ () C:\Users\Florian_2\Downloads\2291019_6112566.mov 2014-07-19 14:40 - 2014-06-16 14:36 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\Synthesia 2014-07-19 14:40 - 2014-06-09 01:02 - 00001024 _____ () C:\Users\Florian_2\Desktop\Sandboxed Web Browser.lnk 2014-07-19 12:36 - 2014-07-19 12:36 - 00000000 ____D () C:\Users\Florian_2\Desktop\Synthesia Musik 2014-07-19 12:32 - 2014-04-24 19:09 - 00002271 _____ () C:\Users\Florian_2\Desktop\Google Chrome.lnk 2014-07-18 22:30 - 2014-07-18 22:30 - 00020355 _____ () C:\Users\Florian_2\Desktop\zsnesw.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00016384 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.srm 2014-07-18 22:30 - 2014-07-18 22:30 - 00008952 _____ () C:\Users\Florian_2\Desktop\zfont.txt 2014-07-18 22:30 - 2014-07-18 22:30 - 00003806 _____ () C:\Users\Florian_2\Desktop\zinput.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00002480 _____ () C:\Users\Florian_2\Desktop\zmovie.cfg 2014-07-18 22:30 - 2014-07-18 22:30 - 00000254 _____ () C:\Users\Florian_2\Desktop\rominfo.txt 2014-07-18 21:44 - 2014-04-24 19:21 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\.minecraft 2014-07-18 16:22 - 2014-05-16 18:45 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-18 16:22 - 2014-04-18 16:18 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-18 16:22 - 2014-04-18 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-18 16:22 - 2014-04-18 16:18 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-18 16:08 - 2014-07-18 16:06 - 01990061 _____ () 
C:\Users\Florian_2\Downloads\riivolution.zip 2014-07-18 16:04 - 2014-07-18 16:04 - 00000000 ____D () C:\Users\Florian_2\Desktop\Newer Summer Sun 2014-07-18 16:02 - 2014-07-18 16:02 - 00000000 ____D () C:\Users\Florian_2\Desktop\riivolution 2014-07-18 15:59 - 2014-07-18 15:59 - 01990061 _____ () C:\Users\Florian_2\Desktop\riivolution.zip 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\private 2014-07-18 15:58 - 2014-07-18 15:58 - 00000000 ____D () C:\Users\Florian_2\Desktop\NewerSMBW 2014-07-18 15:57 - 2014-07-18 15:56 - 00000000 ____D () C:\Users\Florian_2\Desktop\Wichtig NSMBW 2014-07-18 15:56 - 2013-08-22 16:46 - 00326139 _____ () C:\WINDOWS\setupact.log 2014-07-18 15:52 - 2014-07-18 15:50 - 00001120 _____ () C:\Users\Florian_2\Desktop\Achtung!.lnk 2014-07-18 15:52 - 2014-06-06 19:35 - 00000000 ____D () C:\Users\Florian_2\Desktop\SNES 2014-07-15 02:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-12 20:12 - 2014-06-09 01:02 - 00001508 _____ () C:\WINDOWS\Sandboxie.ini 2014-07-12 10:52 - 2014-04-13 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-12 10:33 - 2014-04-14 17:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-12 10:31 - 2014-04-14 17:20 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-12 10:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-12 10:30 - 2014-03-18 11:40 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-12 10:19 - 2014-07-12 10:16 - 39187528 
_____ () C:\Users\Florian_2\Downloads\Another_Super_Mario_Brothers_Wii_2.0.zip 2014-07-12 10:15 - 2014-07-12 10:11 - 16219834 _____ () C:\Users\Florian_2\Downloads\Newer_Super_Mario_Bros._Wii_HS.zip 2014-07-12 09:47 - 2014-07-12 09:36 - 120478786 _____ () C:\Users\Florian_2\Desktop\Newer_Summer_Sun.zip 2014-07-08 20:18 - 2014-04-13 15:37 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-07-08 19:41 - 2014-07-08 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-08 15:06 - 2014-07-08 15:06 - 00000000 ____D () C:\Users\Florian_2\Desktop\Kaizo Mario World 2014-07-07 12:24 - 2014-04-23 20:11 - 00000000 ____D () C:\Users\Florian_2\AppData\Local\CrashDumps 2014-07-04 19:23 - 2014-06-09 03:01 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\vlc 2014-07-03 21:04 - 2013-05-27 14:55 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-06-30 17:33 - 2014-06-27 23:57 - 00000000 ____D () C:\Users\Florian\Documents\Bandicam 2014-06-28 00:41 - 2014-04-24 11:08 - 00000000 ____D () C:\Users\Florian\AppData\Local\CrashDumps 2014-06-28 00:26 - 2014-06-28 00:26 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicut.lnk 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian_2\AppData\Roaming\BANDISOFT 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Users\Florian\Documents\Bandicut 2014-06-28 00:26 - 2014-06-28 00:26 - 00000000 ____D () C:\Program Files (x86)\Bandicut 2014-06-28 00:26 - 2014-06-28 00:25 - 09742656 _____ (Bandisoft) C:\Users\Florian\Downloads\bandicut-setup.exe 2014-06-28 00:26 - 2014-06-27 23:57 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\BANDISOFT 2014-06-28 00:10 - 2014-06-14 05:52 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-28 00:05 - 2014-06-28 00:05 - 02867878 _____ () C:\Users\Florian\Downloads\bandicam 2014-06-28 
00-05-13-692.avi 2014-06-28 00:04 - 2014-06-28 00:04 - 00002882 _____ () C:\Users\Florian_2\Downloads\Detective Conan Movie 18 Piano [Right Hand].mid 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian_2\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00001004 _____ () C:\Users\Florian\Desktop\Bandicam.lnk 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1 2014-06-27 23:57 - 2014-06-27 23:57 - 00000000 ____D () C:\Program Files (x86)\Bandicam 2014-06-27 23:54 - 2014-06-27 23:53 - 09310216 _____ (Bandisoft) C:\Users\Florian_2\Downloads\bdcamsetup_2.0.1.651.exe 2014-06-27 23:36 - 2014-04-23 22:25 - 00004108 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-27 23:36 - 2014-04-23 22:25 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-27 23:31 - 2014-06-06 19:37 - 00000000 ____D () C:\Users\Florian_2\Desktop\GAMEBOY 2014-06-27 22:43 - 2014-06-27 22:43 - 00676896 _____ () C:\WINDOWS\Minidump\062714-38843-01.dmp 2014-06-27 22:43 - 2014-06-27 22:43 - 00000000 ____D () C:\WINDOWS\Minidump 2014-06-27 22:42 - 2014-06-27 22:42 - 543938396 _____ () C:\WINDOWS\MEMORY.DMP 2014-06-26 22:55 - 2013-08-22 17:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:55 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-26 21:14 - 2014-06-26 21:14 - 00002842 _____ () C:\Users\Florian_2\Desktop\Fail.mid 2014-06-24 15:31 - 2014-06-24 15:29 - 00000000 ____D () C:\Users\Florian_2\Downloads\RouterReconnect_1.3 2014-06-24 15:28 - 2014-06-24 15:28 - 00157234 _____ () C:\Users\Florian_2\Downloads\RouterReconnect_1.3.zip 2014-06-24 15:04 - 2014-04-18 16:31 - 00117712 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\avgnt.exe C:\Users\Florian\AppData\Local\Temp\BackupSetup.exe C:\Users\Florian\AppData\Local\Temp\bdfilters.dll C:\Users\Florian\AppData\Local\Temp\mbam-setup.exe C:\Users\Florian\AppData\Local\Temp\Quarantine.exe C:\Users\Florian_2\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-21 19:18 ==================== End Of Log ============================ --- --- --- |
22.07.2014, 11:11 | #9 |
/// the machine /// TB-Ausbilder | Viruses/adware/PUP after download Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
HKU\S-1-5-21-1159793628-760075510-2819493360-1001\...\Run: [Browser Extensions] => "C:\Users\Florian\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
C:\Users\Florian\AppData\Roaming\Browser Extensions
Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
22.07.2014, 12:58 | #11 |
| Viruses/adware/PUP after download There you go. Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Florian at 2014-07-22 13:56:57 Run:1
Running from C:\Users\Florian\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1159793628-760075510-2819493360-1001\...\Run: [Browser Extensions] => "C:\Users\Florian\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
C:\Users\Florian\AppData\Roaming\Browser Extensions
*****************

HKU\S-1-5-21-1159793628-760075510-2819493360-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Extensions => value deleted successfully.
"C:\Users\Florian\AppData\Roaming\Browser Extensions" => File/Directory not found.

==== End of Fixlog ==== |
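The check below is an added example, not part of the original thread or of FRST: it parses FRST-style Run lines, flags autostarts whose target sits in a user-writable profile directory (a review heuristic, not a verdict), and matches each flagged entry against the Fixlog outcomes shown in post #11. The regexes cover only the line layouts visible on this page; the `ExampleAudio` and `ExampleTask` lines and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# FRST autostart line layout: HIVE\...\Run: [ValueName] => command line
RUN_RE = re.compile(r'^(HK\S+?)\\\.\.\.\\(Run(?:Once)?): \[([^\]]*)\] => (.+)$')
# Executable path: either quoted, or everything up to the first executable extension.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|vbs|js|dll))(?=\s|$)', re.I)
# Only the two outcome strings that appear in the Fixlog on this page are recognised.
FIX_RE = re.compile(r'^(.+?) => (value deleted successfully|File/Directory not found)\.$')
# Heuristic (assumption): locations a standard user can write to without elevation.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\')

# First and third lines are constructed; the second is the entry from post #9.
SAMPLE_LOG = r'''
HKLM\...\Run: [ExampleAudio] => C:\Program Files\ExampleVendor\audio.exe [123456 2014-01-01] (Example Vendor)
HKU\S-1-5-21-1159793628-760075510-2819493360-1001\...\Run: [Browser Extensions] => "C:\Users\Florian\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\...\RunOnce: [ExampleTask] => C:\Users\Example\AppData\Local\Temp\setup.exe /silent
'''

# Result lines copied from the Fixlog in post #11.
SAMPLE_FIXLOG = r'''
HKU\S-1-5-21-1159793628-760075510-2819493360-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Extensions => value deleted successfully.
"C:\Users\Florian\AppData\Roaming\Browser Extensions" => File/Directory not found.
'''


class RunEntry(NamedTuple):
    hive: str
    key: str
    name: str
    target: str          # executable path extracted from the command line
    user_writable: bool  # True if the target lies in a USER_WRITABLE location

    def value_path(self) -> str:
        """Registry path in the form the Fixlog prints it (per-user and native HKLM hives only)."""
        return (f'{self.hive}\\Software\\Microsoft\\Windows\\CurrentVersion'
                f'\\{self.key}\\\\{self.name}')


def parse_run_entries(log: str) -> list:
    """Extract Run/RunOnce autostart entries from FRST-style log text."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        t = TARGET_RE.match(cmd)
        target = (t.group(1) or t.group(2)) if t else cmd
        writable = any(p in target.lower() for p in USER_WRITABLE)
        entries.append(RunEntry(hive, key, name, target, writable))
    return entries


def parse_fixlog(fixlog: str) -> dict:
    """Map each fixed item (quotes stripped) to the outcome FRST reported for it."""
    outcomes = {}
    for line in fixlog.splitlines():
        m = FIX_RE.match(line.strip())
        if m:
            outcomes[m.group(1).strip('"')] = m.group(2)
    return outcomes


def review(log: str, fixlog: str) -> list:
    """For every flagged autostart, report what the Fixlog says about its
    registry value and about the folder holding its target."""
    outcomes = parse_fixlog(fixlog)
    report = []
    for e in parse_run_entries(log):
        if not e.user_writable:
            continue
        registry = outcomes.get(e.value_path(), 'not in fixlog')
        folder = e.target.rsplit('\\', 1)[0]
        on_disk = outcomes.get(folder, 'not in fixlog')
        report.append((e.name, e.target, registry, on_disk))
    return report


if __name__ == '__main__':
    for row in review(SAMPLE_LOG, SAMPLE_FIXLOG):
        print(row)
```

For the entry from this thread the report pairs "value deleted successfully" with "File/Directory not found": the autostart value was still registered although its target folder no longer existed.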
22.07.2014, 16:51 | #12 |
| Viruses/adware/PUP after download
The last reply: In case you don't reply anymore, I'll thank you now already ^^ for the great help.
Everything worked great and I'm finally rid of the adware.
I never would have thought that it was still there after the scan.
Maybe we will be in contact again.
Hopefully no more viruses will come.
------ if you read from TOP to bottom instead of from left to right, then.... (Maybe the text makes no sense) |
23.07.2014, 08:34 | #13 |
/// the machine /// TB-Ausbilder | Viruses/adware/PUP after download You're welcome