| |
| |||||||
Log-Analyse und Auswertung: Mozilla Firefox öffnet unerwünschte Tabs automatischWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.07.2014, 20:13
| #1 |
 |  Mozilla Firefox öffnet unerwünschte Tabs automatisch Sehr geehrtes Trojaner-Board Team, ich hab seit gestern das Problem, dass sich, wenn ich im Internet mit Mozilla Firefox surfe , plötzlich unerwünschte Internetseiten öffnen. Ich habe mit Avira einen Virenscan gemacht. Dieser hat das unerwünschte Programm "mysearchdial.dll" gefunden. Hier die Log-Files: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:26 on 20/07/2014 (Alex_Daniel)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Alex_Daniel (administrator) on ALEX_DANIEL-PC on 20-07-2014 20:33:34
Running from C:\Users\Alex_Daniel\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-08-19] (IvoSoft)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-07-15] (LogMeIn Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-411053833-585597847-4183179001-1000\...\MountPoints2: {400896cf-51ae-11e2-9c50-806e6f6e6963} - E:\Launcher.exe
HKU\S-1-5-21-411053833-585597847-4183179001-1000\...\MountPoints2: {acf5c7f4-6181-11e2-8d9e-d43d7e2a2874} - F:\autorun.exe
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65E74E461FE2CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {714CE3C3-039B-4B76-9F6F-9EA480F4B5D7} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {714CE3C3-039B-4B76-9F6F-9EA480F4B5D7} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java 32 bit\bin\ssv.dll No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java 32 bit\bin\jp2ssv.dll No File
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Alex_Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4dn8v363.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java 32 bit\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] - C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] - C:\Program Files\Video downloader\Firefox
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-29]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-14] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-01-16] ()
S3 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X]
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-01-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-21] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-01-19] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-25] (Duplex Secure Ltd.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-20 20:33 - 2014-07-20 20:34 - 00011641 _____ () C:\Users\Alex_Daniel\Desktop\FRST.txt
2014-07-20 20:33 - 2014-07-20 20:33 - 00000000 ____D () C:\FRST
2014-07-20 20:31 - 2014-07-20 20:32 - 02089984 _____ (Farbar) C:\Users\Alex_Daniel\Desktop\FRST64.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00050477 _____ () C:\Users\Alex_Daniel\Desktop\Defogger.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00000594 _____ () C:\Users\Alex_Daniel\Desktop\defogger_disable.log
2014-07-20 20:26 - 2014-07-20 20:26 - 00000020 _____ () C:\Users\Alex_Daniel\defogger_reenable
2014-07-16 15:34 - 2014-07-16 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-16 15:34 - 2014-07-16 15:34 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-15 15:51 - 2014-07-15 15:53 - 04996210 _____ (Tim Kosse) C:\Users\Alex_Daniel\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-15 14:01 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-15 14:01 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-15 14:01 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-15 14:01 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-15 14:01 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-15 14:01 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-15 14:01 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-15 14:01 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-15 14:01 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-15 14:01 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-15 14:01 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-15 14:01 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-15 14:01 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-15 14:01 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-15 14:01 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-15 14:01 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-15 14:01 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-15 14:01 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-15 14:01 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-15 14:01 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-15 14:01 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-15 14:01 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-15 14:01 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-15 14:01 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-15 14:01 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-15 14:01 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-15 14:01 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-15 14:01 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-15 14:01 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-15 14:01 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-15 14:01 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-15 14:01 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-15 14:01 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-15 14:01 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-15 14:01 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-15 14:01 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-15 14:01 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-15 14:01 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-15 14:01 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-15 14:01 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-15 14:01 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-15 14:01 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-15 14:01 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-15 14:01 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-15 14:01 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-15 14:01 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-15 14:01 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-15 14:01 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-15 14:01 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-15 14:01 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-15 14:01 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-15 14:01 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-15 14:01 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-15 14:01 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-15 14:01 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-15 14:01 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-15 14:00 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-15 14:00 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-15 14:00 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-15 14:00 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-15 14:00 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-15 14:00 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-15 14:00 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-15 14:00 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-15 13:59 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-15 13:59 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-15 13:59 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-14 14:50 - 2014-07-14 14:50 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Unturned.url
2014-07-10 17:13 - 2014-07-20 19:21 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ftblauncher
2014-07-06 12:10 - 2014-07-06 12:10 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-02 13:31 - 2014-07-14 14:40 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\Warframe
2014-07-02 13:31 - 2014-07-02 13:31 - 00002348 _____ () C:\Users\Alex_Daniel\Desktop\Warframe.lnk
2014-07-02 13:31 - 2014-07-02 13:31 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2014-07-01 14:11 - 2014-07-01 14:11 - 00001486 _____ () C:\Users\Alex_Daniel\Desktop\Project 64.lnk
2014-06-30 23:00 - 2014-06-30 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2014-06-29 13:47 - 2014-06-29 13:47 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\CrashRpt
2014-06-21 13:47 - 2014-06-21 13:47 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Just Cause 2 Multiplayer.url
==================== One Month Modified Files and Folders =======
2014-07-20 20:34 - 2014-07-20 20:33 - 00011641 _____ () C:\Users\Alex_Daniel\Desktop\FRST.txt
2014-07-20 20:33 - 2014-07-20 20:33 - 00000000 ____D () C:\FRST
2014-07-20 20:32 - 2014-07-20 20:31 - 02089984 _____ (Farbar) C:\Users\Alex_Daniel\Desktop\FRST64.exe
2014-07-20 20:31 - 2012-12-25 06:15 - 01765487 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 20:29 - 2013-03-12 15:53 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\LogMeIn Hamachi
2014-07-20 20:28 - 2013-12-11 16:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-20 20:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 20:28 - 2009-07-14 06:51 - 00155049 _____ () C:\Windows\setupact.log
2014-07-20 20:26 - 2014-07-20 20:26 - 00050477 _____ () C:\Users\Alex_Daniel\Desktop\Defogger.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00000594 _____ () C:\Users\Alex_Daniel\Desktop\defogger_disable.log
2014-07-20 20:26 - 2014-07-20 20:26 - 00000020 _____ () C:\Users\Alex_Daniel\defogger_reenable
2014-07-20 20:26 - 2012-12-24 23:21 - 00000000 ____D () C:\Users\Alex_Daniel
2014-07-20 20:25 - 2012-12-26 00:10 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Skype
2014-07-20 19:23 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 19:23 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 19:21 - 2014-07-10 17:13 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ftblauncher
2014-07-18 20:47 - 2014-02-17 20:36 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\ftblauncher
2014-07-17 18:32 - 2014-04-16 22:24 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\.minecraft
2014-07-16 21:07 - 2013-12-22 19:14 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\FileZilla
2014-07-16 15:34 - 2014-07-16 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-16 15:34 - 2014-07-16 15:34 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-15 15:53 - 2014-07-15 15:51 - 04996210 _____ (Tim Kosse) C:\Users\Alex_Daniel\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-15 14:12 - 2009-07-14 06:45 - 00276136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 14:10 - 2014-04-30 14:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-15 14:10 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 14:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-15 14:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-15 14:04 - 2013-12-11 14:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-15 14:02 - 2012-12-25 00:19 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-15 13:51 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-14 14:50 - 2014-07-14 14:50 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Unturned.url
2014-07-14 14:40 - 2014-07-02 13:31 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\Warframe
2014-07-14 14:30 - 2013-11-06 16:02 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2014-07-14 14:19 - 2013-03-11 16:48 - 00000000 ____D () C:\Program Files (x86)\Klett
2014-07-14 14:19 - 2012-12-25 01:33 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-12 11:56 - 2012-12-27 20:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 11:56 - 2012-12-27 20:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 16:27 - 2012-12-25 14:15 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ArmA 2 OA
2014-07-10 16:19 - 2012-12-25 16:20 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ArmA 2
2014-07-10 15:40 - 2012-12-25 14:12 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-10 14:02 - 2013-05-09 18:01 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-06 12:10 - 2014-07-06 12:10 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-06 12:10 - 2012-12-25 01:22 - 00001509 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-07-06 12:10 - 2012-12-25 01:21 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-02 13:32 - 2012-12-25 14:15 - 00176899 _____ () C:\Windows\DirectX.log
2014-07-02 13:31 - 2014-07-02 13:31 - 00002348 _____ () C:\Users\Alex_Daniel\Desktop\Warframe.lnk
2014-07-02 13:31 - 2014-07-02 13:31 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2014-07-01 14:16 - 2012-12-24 23:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-01 14:11 - 2014-07-01 14:11 - 00001486 _____ () C:\Users\Alex_Daniel\Desktop\Project 64.lnk
2014-07-01 13:58 - 2013-03-21 17:26 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-30 23:00 - 2014-06-30 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2014-06-30 04:09 - 2014-07-15 14:00 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-15 14:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 13:47 - 2014-06-29 13:47 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\CrashRpt
2014-06-27 20:02 - 2013-07-18 17:22 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\TS3Client
2014-06-27 16:04 - 2012-12-25 22:28 - 00000000 ____D () C:\Users\Alex_Daniel\Documents\My Games
2014-06-22 15:03 - 2013-09-10 19:15 - 00000000 ____D () C:\Users\Alex_Daniel\Documents\Visual Studio 2012
2014-06-21 13:47 - 2014-06-21 13:47 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Just Cause 2 Multiplayer.url
2014-06-21 12:58 - 2014-04-30 14:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-20 22:14 - 2014-07-15 14:01 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-15 14:01 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
Some content of TEMP:
====================
C:\Users\Alex_Daniel\AppData\Local\Temp\0ib3qlcw.dll
C:\Users\Alex_Daniel\AppData\Local\Temp\2uvv0412.dll
C:\Users\Alex_Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\flzqcuoy.dll
C:\Users\Alex_Daniel\AppData\Local\Temp\iu2egnbk.dll
C:\Users\Alex_Daniel\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-b2788jnks.dll
C:\Users\Alex_Daniel\AppData\Local\Temp\m1dfixm1.dll
C:\Users\Alex_Daniel\AppData\Local\Temp\npp.6.4.3.Installer.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\nvStInst.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\sxtufe1i.dll
C:\Users\Alex_Daniel\AppData\Local\Temp\tmp1D9F.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\tmp3DFA.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\Uninstall.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\_is340A.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\_is9849.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\_isAA18.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\_isB579.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\_isCF9D.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\_isD0.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\_isD972.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\_isED4F.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-09 18:09
==================== End Of Log ============================
Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Alex_Daniel at 2014-07-20 20:34:38
Running from C:\Users\Alex_Daniel\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.3.3026 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Burg Rabenstolz v1.01 (HKLM-x32\...\Burg Rabenstolz_is1) (Version: - Arandor90)
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden
Classic Shell (HKLM\...\{1EEF5C7E-C371-431D-A507-8C5B46EED7B4}) (Version: 3.2.0 - IvoSoft)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Crysis WARHEAD(R) (HKLM-x32\...\Crysis WARHEAD(R)) (Version: - Electronic Arts)
Crysis WARHEAD(R) (x32 Version: 1.0 - Crytek) Hidden
Crysis Wars(R) (HKLM-x32\...\Crysis Wars(R)) (Version: - Electronic Arts)
Crysis Wars(R) (x32 Version: 1.0 - Crytek) Hidden
Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.0.8.0552 - DT Soft Ltd) <==== ATTENTION
DayZ Commander (HKLM-x32\...\{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}) (Version: 0.92.79 - Dotjosh Studios)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Free YouTube Download version 3.2.39.604 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.39.604 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Future Pinball (HKLM-x32\...\Future Pinball_is1) (Version: Version 1.9.1.20101231 - Chris Leathley)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Ghostbusters (TM): The Video Game (x32 Version: 1.00.0000 - Atari) Hidden
GRID (HKLM-x32\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.00.0000 - Codemasters)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Ivellon 1.0 (HKLM-x32\...\Ivellon_is1) (Version: - Lazarus)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team)
Klett Mathetrainer 9 (HKLM-x32\...\Klett Mathetrainer 9_is1) (Version: - )
LEGO® Star Wars™ III: The Clone Wars™ (HKLM-x32\...\{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}) (Version: 1.0.0.0 - LucasArts)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.222 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.222 - LogMeIn, Inc.) Hidden
Media Go (HKLM-x32\...\{7547239C-FA8A-4FA4-84A6-31EAC0777E1B}) (Version: 2.7.341 - Sony)
Media Go Network Downloader (HKLM-x32\...\{73FA7631-3015-4EEC-A002-09488C47A07C}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.131.12060 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.131.12060 - Sony)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop (x32 Version: 2.6.40627.9000 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.60418.17931 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 32bit Compilers - DEU Resources (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Express Prerequisites x64 - DEU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU (x32 Version: 4.0.8876.1 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012-Vorbereitung (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Desktop (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NehrimUninstaller (HKLM-x32\...\Nehrim - Am Rande des Schicksals_is1) (Version: 1.0.0 - SureAI)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NWZ-E470 E570 WALKMAN Guide (HKLM-x32\...\{F3448416-D3D7-4DBA-B982-4AEB064D9473}) (Version: 1.0.00 - Sony Corporation)
Oblivion - BTmod 2.20 (HKLM-x32\...\BTmod) (Version: 2.20 - Beider & Tikigod)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.9 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
Oblivion-Bücher-Mod-v1.0 (HKLM-x32\...\Oblivion-Bücher-Mod_is1) (Version: - OBG)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Rungs "Verbesserte Magiergilde" 2.3a (HKLM-x32\...\{04EFC3B1-1A7A-4075-866F-B1EF3BA3E783}_is1) (Version: 2.3a - Rung)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Microsoft Visual Studio 2012 (KB2781514) (HKLM-x32\...\{56ef8912-352f-4fab-9c73-6f1c92a7127f}) (Version: 11.0.51219 - Microsoft Corporation)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
Warframe (HKLM-x32\...\{42934D72-C07D-4F60-8C37-0FDC47EB1950}) (Version: 1.0.0 - Digital Extremes)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUAE 2.0.1 (HKLM-x32\...\WinUAE) (Version: 2.0.1 - Arabuusimiehet)
==================== Restore Points =========================
15-07-2014 12:01:29 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {175B1583-247E-4361-BFB6-6554C36A6557} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {58F2F050-B728-4C9A-B3EF-11DD25F7FC25} - System32\Tasks\4817 => Wscript.exe C:\Users\ALEX_D~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {60A0D55C-022E-4FE7-B7CD-429EAF5D9392} - System32\Tasks\{CB67F25D-450A-423C-9C55-69E69261096D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
==================== Loaded Modules (whitelisted) =============
2013-12-11 16:41 - 2013-11-11 17:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-24 20:15 - 2014-01-16 17:31 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "D:\Games\Steam\Steam.exe" -silent
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
==================== Faulty Device Manager Devices =============
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/20/2014 08:30:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/20/2014 07:17:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/20/2014 01:49:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/19/2014 04:31:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1524
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/19/2014 02:14:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2014 07:32:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2014 05:42:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2014 03:33:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2014 02:22:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/17/2014 06:17:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (07/20/2014 07:29:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (07/20/2014 07:29:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (07/20/2014 07:29:19 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (07/20/2014 07:29:19 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (07/20/2014 01:54:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (07/18/2014 04:18:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/18/2014 04:18:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (07/18/2014 02:21:15 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "DANIJEL-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{50E9354A-A17C-4678-9756-517E4963AF65}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/16/2014 07:23:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 25.181.22.7
registriert werden. Der Computer mit IP-Adresse 25.124.19.241 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (07/16/2014 03:34:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Microsoft Office Sessions:
=========================
Error: (07/20/2014 08:30:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/20/2014 07:17:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/20/2014 01:49:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/19/2014 04:31:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b152401cfa35afefc175fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll4ddaba2b-0f51-11e4-8acc-df2b92434da0
Error: (07/19/2014 02:14:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2014 07:32:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2014 05:42:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2014 03:33:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2014 02:22:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/17/2014 06:17:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-04-22 15:52:05.015
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-22 15:52:04.984
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-22 15:51:16.939
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-22 15:51:16.908
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-22 15:51:15.104
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-22 15:51:15.073
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-22 15:51:05.601
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-22 15:51:05.571
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-22 15:51:04.370
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-22 15:51:04.339
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 25%
Total physical RAM: 8140.25 MB
Available physical RAM: 6078.66 MB
Total Pagefile: 16278.67 MB
Available Pagefile: 14082.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Lokaler Datenträger) (Fixed) (Total:68.26 GB) (Free:11.55 GB) NTFS
Drive d: () (Fixed) (Total:164.52 GB) (Free:83.14 GB) NTFS
Drive f: (Volume) (Fixed) (Total:407.17 GB) (Free:275.16 GB) NTFS
Drive h: (Volume) (Fixed) (Total:58.59 GB) (Free:52.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E651E651)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=165 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B702095C)
Partition 1: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=407 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Gmer: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-20 21:00:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 Hitachi_HDP725025GLA380 rev.GM2OA5CA 232.89GB
Running: Gmer-19357.exe; Driver: C:\Users\ALEX_D~1\AppData\Local\Temp\fwlciaod.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[1052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000701b1a22 2 bytes [1B, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000701b1ad0 2 bytes [1B, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000701b1b08 2 bytes [1B, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000701b1bba 2 bytes [1B, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000701b1bda 2 bytes [1B, 70]
.text C:\Program Files (x86)\BlueStacks\HD-Service.exe[2156] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075d91465 2 bytes [D9, 75]
.text C:\Program Files (x86)\BlueStacks\HD-Service.exe[2156] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075d914bb 2 bytes [D9, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x10 0x65 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0x2B 0x69 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0xD8 0x72 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x10 0x65 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0x2B 0x69 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0xD8 0x72 0xC3 ...
---- EOF - GMER 2.1 ----
AviraScan: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 20. Juli 2014 13:48
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ALEX_DANIEL-PC
Versionsinformationen:
BUILD.DAT : 14.0.5.464 91868 Bytes 02.07.2014 13:06:00
AVSCAN.EXE : 14.0.5.396 1042512 Bytes 01.07.2014 11:58:49
AVSCANRC.DLL : 14.0.5.364 62544 Bytes 01.07.2014 11:58:49
LUKE.DLL : 14.0.5.336 57936 Bytes 01.07.2014 12:01:12
AVSCPLR.DLL : 14.0.5.376 89680 Bytes 01.07.2014 11:58:50
AVREG.DLL : 14.0.5.356 261200 Bytes 01.07.2014 11:58:25
avlode.dll : 14.0.5.396 588368 Bytes 01.07.2014 11:58:17
avlode.rdf : 14.0.4.42 65114 Bytes 17.07.2014 11:33:21
XBV00008.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:00
XBV00009.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:00
XBV00010.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:01
XBV00011.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:01
XBV00012.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:01
XBV00013.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:01
XBV00014.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:01
XBV00015.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:01
XBV00016.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:01
XBV00017.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:01
XBV00018.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:01
XBV00019.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:02
XBV00020.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:02
XBV00021.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:02
XBV00022.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:02
XBV00023.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:02
XBV00024.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:02
XBV00025.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:02
XBV00026.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:02
XBV00027.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:02
XBV00028.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00029.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00030.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00031.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00032.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00033.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00034.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00035.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00036.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00037.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00038.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00039.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00040.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:03
XBV00041.VDF : 8.11.153.142 2048 Bytes 06.06.2014 12:36:04
XBV00141.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:24
XBV00142.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:24
XBV00143.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:24
XBV00144.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:24
XBV00145.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:24
XBV00146.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:24
XBV00147.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:25
XBV00148.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:25
XBV00149.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:25
XBV00150.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:25
XBV00151.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:25
XBV00152.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:25
XBV00153.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:26
XBV00154.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:26
XBV00155.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:26
XBV00156.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:26
XBV00157.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:26
XBV00158.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:26
XBV00159.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:27
XBV00160.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:27
XBV00161.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:27
XBV00162.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:27
XBV00163.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:27
XBV00164.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:27
XBV00165.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:28
XBV00166.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:28
XBV00167.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:28
XBV00168.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:28
XBV00169.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:28
XBV00170.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:28
XBV00171.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:29
XBV00172.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:29
XBV00173.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:29
XBV00174.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:29
XBV00175.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:29
XBV00176.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:29
XBV00177.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:30
XBV00178.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:30
XBV00179.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:30
XBV00180.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:30
XBV00181.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:30
XBV00182.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:31
XBV00183.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:31
XBV00184.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:31
XBV00185.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:31
XBV00186.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:31
XBV00187.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:31
XBV00188.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:32
XBV00189.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:32
XBV00190.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:32
XBV00191.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:32
XBV00192.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:32
XBV00193.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:32
XBV00194.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:33
XBV00195.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:33
XBV00196.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:33
XBV00197.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:33
XBV00198.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:33
XBV00199.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:33
XBV00200.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:34
XBV00201.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:34
XBV00202.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:34
XBV00203.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:34
XBV00204.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:34
XBV00205.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:34
XBV00206.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:35
XBV00207.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:35
XBV00208.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:35
XBV00209.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:35
XBV00210.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:35
XBV00211.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:35
XBV00212.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:36
XBV00213.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:36
XBV00214.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:36
XBV00215.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:36
XBV00216.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:36
XBV00217.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:36
XBV00218.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:37
XBV00219.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:37
XBV00220.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:37
XBV00221.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:37
XBV00222.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:37
XBV00223.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:38
XBV00224.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:38
XBV00225.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:38
XBV00226.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:38
XBV00227.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:38
XBV00228.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:39
XBV00229.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:39
XBV00230.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:39
XBV00231.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:39
XBV00232.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:39
XBV00233.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:39
XBV00234.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:40
XBV00235.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:40
XBV00236.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:40
XBV00237.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:40
XBV00238.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:40
XBV00239.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:40
XBV00240.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:41
XBV00241.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:41
XBV00242.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:41
XBV00243.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:41
XBV00244.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:41
XBV00245.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:41
XBV00246.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:42
XBV00247.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:42
XBV00248.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:42
XBV00249.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:42
XBV00250.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:42
XBV00251.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:42
XBV00252.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:43
XBV00253.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:43
XBV00254.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:43
XBV00255.VDF : 8.11.159.102 2048 Bytes 08.07.2014 10:20:43
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 14:56:31
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 15:33:21
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 15:57:07
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 16:36:29
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 15:35:15
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 14:48:40
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 17:59:35
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 10:25:15
XBV00042.VDF : 8.11.153.142 710656 Bytes 06.06.2014 12:36:05
XBV00043.VDF : 8.11.155.44 1013760 Bytes 16.06.2014 12:36:07
XBV00044.VDF : 8.11.159.102 1662976 Bytes 08.07.2014 10:20:07
XBV00045.VDF : 8.11.159.104 13824 Bytes 08.07.2014 10:20:07
XBV00046.VDF : 8.11.159.108 13312 Bytes 08.07.2014 10:20:07
XBV00047.VDF : 8.11.159.112 30720 Bytes 09.07.2014 10:20:07
XBV00048.VDF : 8.11.159.114 6144 Bytes 09.07.2014 10:20:08
XBV00049.VDF : 8.11.159.116 10240 Bytes 09.07.2014 10:20:08
XBV00050.VDF : 8.11.159.118 5632 Bytes 09.07.2014 10:20:08
XBV00051.VDF : 8.11.159.122 7168 Bytes 09.07.2014 10:20:08
XBV00052.VDF : 8.11.159.126 180736 Bytes 09.07.2014 12:02:37
XBV00053.VDF : 8.11.159.148 174080 Bytes 09.07.2014 12:02:37
XBV00054.VDF : 8.11.159.168 2560 Bytes 09.07.2014 12:02:38
XBV00055.VDF : 8.11.159.188 15360 Bytes 09.07.2014 12:02:38
XBV00056.VDF : 8.11.159.210 25600 Bytes 09.07.2014 12:02:38
XBV00057.VDF : 8.11.159.212 7168 Bytes 09.07.2014 12:02:38
XBV00058.VDF : 8.11.159.218 27648 Bytes 10.07.2014 12:02:38
XBV00059.VDF : 8.11.159.220 2048 Bytes 10.07.2014 12:02:38
XBV00060.VDF : 8.11.159.222 29696 Bytes 10.07.2014 12:02:38
XBV00061.VDF : 8.11.159.224 167936 Bytes 10.07.2014 12:02:39
XBV00062.VDF : 8.11.159.226 35328 Bytes 10.07.2014 18:02:13
XBV00063.VDF : 8.11.159.230 186368 Bytes 10.07.2014 18:02:14
XBV00064.VDF : 8.11.159.250 16896 Bytes 10.07.2014 18:02:14
XBV00065.VDF : 8.11.159.252 2048 Bytes 10.07.2014 18:02:14
XBV00066.VDF : 8.11.160.16 6144 Bytes 10.07.2014 08:10:17
XBV00067.VDF : 8.11.160.40 17408 Bytes 10.07.2014 08:10:17
XBV00068.VDF : 8.11.160.42 2048 Bytes 11.07.2014 08:10:17
XBV00069.VDF : 8.11.160.46 179200 Bytes 11.07.2014 08:10:18
XBV00070.VDF : 8.11.160.48 203264 Bytes 11.07.2014 10:00:09
XBV00071.VDF : 8.11.160.50 6144 Bytes 11.07.2014 10:00:10
XBV00072.VDF : 8.11.160.52 2048 Bytes 11.07.2014 10:00:10
XBV00073.VDF : 8.11.160.54 2048 Bytes 11.07.2014 10:00:10
XBV00074.VDF : 8.11.160.58 22016 Bytes 11.07.2014 10:00:10
XBV00075.VDF : 8.11.160.60 2048 Bytes 11.07.2014 10:00:10
XBV00076.VDF : 8.11.160.62 8192 Bytes 11.07.2014 10:00:10
XBV00077.VDF : 8.11.160.66 198656 Bytes 12.07.2014 10:00:10
XBV00078.VDF : 8.11.160.68 7168 Bytes 12.07.2014 16:00:07
XBV00079.VDF : 8.11.160.70 14848 Bytes 12.07.2014 16:00:07
XBV00080.VDF : 8.11.160.72 7168 Bytes 12.07.2014 16:00:07
XBV00081.VDF : 8.11.160.92 40448 Bytes 13.07.2014 13:47:23
XBV00082.VDF : 8.11.160.112 2048 Bytes 13.07.2014 13:47:23
XBV00083.VDF : 8.11.160.130 193024 Bytes 13.07.2014 19:47:30
XBV00084.VDF : 8.11.160.132 2048 Bytes 13.07.2014 19:47:32
XBV00085.VDF : 8.11.160.152 20480 Bytes 13.07.2014 19:47:33
XBV00086.VDF : 8.11.160.154 2048 Bytes 13.07.2014 19:47:34
XBV00087.VDF : 8.11.160.156 20992 Bytes 14.07.2014 12:21:41
XBV00088.VDF : 8.11.160.158 2560 Bytes 14.07.2014 12:21:41
XBV00089.VDF : 8.11.160.160 11264 Bytes 14.07.2014 12:21:41
XBV00090.VDF : 8.11.160.162 2560 Bytes 14.07.2014 12:21:41
XBV00091.VDF : 8.11.160.166 14336 Bytes 14.07.2014 12:21:41
XBV00092.VDF : 8.11.160.168 5120 Bytes 14.07.2014 18:21:41
XBV00093.VDF : 8.11.160.178 7168 Bytes 14.07.2014 18:21:41
XBV00094.VDF : 8.11.160.180 2048 Bytes 14.07.2014 18:21:41
XBV00095.VDF : 8.11.160.182 2048 Bytes 14.07.2014 18:21:41
XBV00096.VDF : 8.11.160.188 256000 Bytes 14.07.2014 11:56:59
XBV00097.VDF : 8.11.160.190 7680 Bytes 14.07.2014 11:56:59
XBV00098.VDF : 8.11.160.194 18432 Bytes 15.07.2014 11:56:59
XBV00099.VDF : 8.11.160.212 184832 Bytes 15.07.2014 11:56:59
XBV00100.VDF : 8.11.160.230 289792 Bytes 15.07.2014 17:56:49
XBV00101.VDF : 8.11.160.232 2048 Bytes 15.07.2014 17:56:50
XBV00102.VDF : 8.11.160.234 176128 Bytes 15.07.2014 17:56:57
XBV00103.VDF : 8.11.160.254 18432 Bytes 15.07.2014 13:39:04
XBV00104.VDF : 8.11.161.16 6144 Bytes 16.07.2014 13:39:04
XBV00105.VDF : 8.11.161.32 2048 Bytes 16.07.2014 13:39:04
XBV00106.VDF : 8.11.161.34 2048 Bytes 16.07.2014 13:39:04
XBV00107.VDF : 8.11.161.52 26624 Bytes 16.07.2014 13:39:06
XBV00108.VDF : 8.11.161.68 184832 Bytes 16.07.2014 11:33:21
XBV00109.VDF : 8.11.161.84 2048 Bytes 16.07.2014 11:33:21
XBV00110.VDF : 8.11.162.2 2560 Bytes 16.07.2014 11:33:21
XBV00111.VDF : 8.11.162.6 16896 Bytes 16.07.2014 11:33:21
XBV00112.VDF : 8.11.162.8 24064 Bytes 16.07.2014 11:33:22
XBV00113.VDF : 8.11.162.10 2560 Bytes 16.07.2014 11:33:22
XBV00114.VDF : 8.11.162.14 41472 Bytes 17.07.2014 11:33:22
XBV00115.VDF : 8.11.162.16 2048 Bytes 17.07.2014 11:33:22
XBV00116.VDF : 8.11.162.18 215040 Bytes 17.07.2014 17:33:01
XBV00117.VDF : 8.11.162.22 184320 Bytes 17.07.2014 17:33:02
XBV00118.VDF : 8.11.162.40 258048 Bytes 17.07.2014 17:33:02
XBV00119.VDF : 8.11.162.42 3584 Bytes 17.07.2014 17:33:02
XBV00120.VDF : 8.11.162.58 3072 Bytes 17.07.2014 12:26:03
XBV00121.VDF : 8.11.162.78 2048 Bytes 17.07.2014 12:26:04
XBV00122.VDF : 8.11.162.94 2048 Bytes 17.07.2014 12:26:04
XBV00123.VDF : 8.11.162.110 35840 Bytes 17.07.2014 12:26:05
XBV00124.VDF : 8.11.162.112 2048 Bytes 18.07.2014 12:26:06
XBV00125.VDF : 8.11.162.130 23040 Bytes 18.07.2014 12:26:07
XBV00126.VDF : 8.11.162.134 184320 Bytes 18.07.2014 12:26:12
XBV00127.VDF : 8.11.162.136 2048 Bytes 18.07.2014 12:26:13
XBV00128.VDF : 8.11.162.152 231424 Bytes 18.07.2014 12:26:19
XBV00129.VDF : 8.11.162.154 2048 Bytes 18.07.2014 12:26:20
XBV00130.VDF : 8.11.162.170 108032 Bytes 18.07.2014 18:25:58
XBV00131.VDF : 8.11.162.172 9728 Bytes 18.07.2014 18:25:58
XBV00132.VDF : 8.11.162.174 2048 Bytes 18.07.2014 18:25:59
XBV00133.VDF : 8.11.162.188 20992 Bytes 18.07.2014 18:25:59
XBV00134.VDF : 8.11.162.192 2048 Bytes 18.07.2014 18:25:59
XBV00135.VDF : 8.11.162.194 2048 Bytes 18.07.2014 18:25:59
XBV00136.VDF : 8.11.162.200 19968 Bytes 18.07.2014 12:17:52
XBV00137.VDF : 8.11.162.204 2048 Bytes 18.07.2014 12:17:52
XBV00138.VDF : 8.11.162.212 2048 Bytes 18.07.2014 12:17:52
XBV00139.VDF : 8.11.162.228 227840 Bytes 19.07.2014 12:17:52
XBV00140.VDF : 8.11.162.244 2048 Bytes 19.07.2014 12:17:52
LOCAL001.VDF : 8.11.162.244 109301760 Bytes 19.07.2014 12:18:00
Engineversion : 8.3.20.34
AEVDF.DLL : 8.3.0.4 118976 Bytes 21.03.2014 12:44:32
AESCRIPT.DLL : 8.1.4.220 532680 Bytes 11.07.2014 14:17:40
AESCN.DLL : 8.3.1.2 135360 Bytes 28.05.2014 17:19:21
AESBX.DLL : 8.2.20.24 1409224 Bytes 09.05.2014 12:40:20
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 13:27:29
AEPACK.DLL : 8.4.0.42 786632 Bytes 02.07.2014 17:21:17
AEOFFICE.DLL : 8.3.0.10 209096 Bytes 11.07.2014 14:17:39
AEHEUR.DLL : 8.1.4.1160 7229640 Bytes 11.07.2014 14:17:39
AEHELP.DLL : 8.3.1.0 278728 Bytes 28.05.2014 17:19:15
AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 11:39:50
AEEXP.DLL : 8.4.2.6 237760 Bytes 27.06.2014 11:39:31
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 13:30:20
AECORE.DLL : 8.3.1.4 241864 Bytes 06.06.2014 11:39:38
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 14.0.5.320 24144 Bytes 01.07.2014 11:57:40
AVPREF.DLL : 14.0.5.320 50256 Bytes 01.07.2014 11:58:22
AVREP.DLL : 14.0.5.320 219216 Bytes 01.07.2014 11:58:27
AVARKT.DLL : 14.0.5.368 226384 Bytes 01.07.2014 11:57:45
AVEVTLOG.DLL : 14.0.5.320 182352 Bytes 01.07.2014 11:58:00
SQLITE3.DLL : 14.0.5.320 452176 Bytes 01.07.2014 12:02:50
AVSMTP.DLL : 14.0.5.320 76368 Bytes 01.07.2014 11:58:53
NETNT.DLL : 14.0.5.320 13392 Bytes 01.07.2014 12:01:14
RCIMAGE.DLL : 14.0.5.320 4998224 Bytes 01.07.2014 11:57:40
RCTEXT.DLL : 14.0.5.322 73808 Bytes 01.07.2014 11:57:40
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, F:, H:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Auszulassende Dateien.................: D:\DayZ Commander\Current\DayZCommander.exe, D:\Games\Steam\SteamApps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\BEClient.dll,
Beginn des Suchlaufs: Sonntag, 20. Juli 2014 13:48
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'HDD1(F:, H:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-LogRotatorService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMIGuardianSvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-Service.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-Network.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-BlockDevice.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-SharedFolder.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '197' Modul(e) wurden durchsucht
Durchsuche Prozess 'ClassicStartMenu.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '5777' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Lokaler Datenträger>
C:\Users\Alex_Daniel\AppData\Local\Temp\is648496\mysearchdial.dll
[FUND] Enthält Erkennungsmuster der Adware ADWARE/MySearchDial.A.3
Beginne mit der Suche in 'D:\'
Beginne mit der Desinfektion:
C:\Users\Alex_Daniel\AppData\Local\Temp\is648496\mysearchdial.dll
[FUND] Enthält Erkennungsmuster der Adware ADWARE/MySearchDial.A.3
[HINWEIS] Die Datei wurde gelöscht.
Ende des Suchlaufs: Sonntag, 20. Juli 2014 15:34
Benötigte Zeit: 1:36:51 Stunde(n)
Der Suchlauf wurde abgebrochen!
40147 Verzeichnisse wurden überprüft
1520358 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1520357 Dateien ohne Befall
8859 Archive wurden durchsucht
0 Warnungen
2 Hinweise
924236 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
Hoffe ich habe das so richtig reinkopiert. Hoffe auf schnelle Hilfe. Mit freundlichen Grüßen, Danny |
|
20.07.2014, 21:05
| #2 |
| /// the machine /// TB-Ausbilder    | Mozilla Firefox öffnet unerwünschte Tabs automatisch hi,
__________________Scan mit Combofix
__________________ |
|
20.07.2014, 22:49
| #3 |
| | Mozilla Firefox öffnet unerwünschte Tabs automatisch Hi schrauber ;-),
__________________vielen Dank wieder für die schnelle Antwort. Combofix habe ich ohne Probleme durchlaufen lassen können allerdings war nach dem ersten Neustart mein Avira aus der Taskleiste weg. Als ich meinen Rechner dann wieder neu hochgefahren habe war er wieder da. Jetzt habe ich leider ein neues Problem.Ich kann nicht mehr auf Seiten mit meinem Internet-Explorer zugreifen.Ich komme aber auf die Startseite von Google und kann dort auch Suchbegriffe eingeben. Mit Firefox allerdings kann ich noch auf jede Seite gehen. So hier die Combofix-Log Datei. Combofix_1: Code:
ATTFilter ComboFix 14-07-20.02 - Alex_Daniel 20.07.2014 23:22:21.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8140.6056 [GMT 2:00]
ausgeführt von:: c:\users\Alex_Daniel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
Code:
ATTFilter ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
Combofix_3: Code:
ATTFilter ((((((((((((((((((((((( Dateien erstellt von 2014-06-20 bis 2014-07-20 ))))))))))))))))))))))))))))))
.
.
2014-07-20 18:33 . 2014-07-20 18:34 -------- d-----w- C:\FRST
2014-07-16 13:34 . 2014-07-16 13:34 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-07-15 13:54 . 2014-07-15 13:54 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2014-07-15 12:04 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89E005DF-32FF-4C84-B7B9-F303BE5A459E}\mpengine.dll
2014-07-15 12:00 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-15 11:59 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-07-15 11:59 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-07-15 11:59 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-10 15:13 . 2014-07-20 20:06 -------- d-----w- c:\users\Alex_Daniel\AppData\Local\ftblauncher
2014-07-06 10:10 . 2014-07-06 10:10 -------- d-----w- c:\program files\Windows Live
2014-07-02 11:31 . 2014-07-14 12:40 -------- d-----w- c:\users\Alex_Daniel\AppData\Local\Warframe
2014-06-29 11:47 . 2014-06-29 11:47 -------- d-----w- c:\users\Alex_Daniel\AppData\Local\CrashRpt
.
.
.
Combofix_4: Code:
ATTFilter (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-15 12:02 . 2012-12-24 22:19 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-12 09:56 . 2012-12-27 18:25 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-12 09:56 . 2012-12-27 18:25 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 12:02 . 2013-05-09 16:01 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-01 11:58 . 2013-03-21 15:26 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-05-22 12:30 . 2013-03-21 15:26 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-08 09:32 . 2014-06-13 12:20 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-13 12:20 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-25 02:34 . 2014-06-13 12:20 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-13 12:20 626688 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
Combofix_5: Code:
ATTFilter (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 19:29 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 21:13 505344 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-01 750160]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-15 3816272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-20 17:08 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 21:14 629248 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-08-19 98304]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
FF - ProfilePath - c:\users\Alex_Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4dn8v363.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Steam App 241540 - d:\games\Steam\steam.exe
AddRemove-Steam App 4000 - d:\games\Steam\steam.exe
AddRemove-Steam App 620 - d:\games\Steam\steam.exe
AddRemove-Steam App 72850 - d:\games\Steam\steam.exe
AddRemove-Steam App 730 - d:\games\Steam\steam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-411053833-585597847-4183179001-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-411053833-585597847-4183179001-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-411053833-585597847-4183179001-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a9,0a,67,1b,75,b2,f4,b1,7b,6f,2d,7d,6a,8d,bb,0e,49,31,0c,4b,2c,3b,31,
4c,56,80,9d,9a,7e,48,0a,86,22,c8,d0,c4,b9,86,8c,34,fe,fe,6c,3f,f8,d7,f4,b1,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-411053833-585597847-4183179001-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,4f,31,9b,db,8b,36,9d,52,f7,7e,5e,9b,ba,3a,fe,d8,1a,c7,31,d7,
63,48,4c,61,ae,91,db,0a,fc,e3,5f,9e,64,a8,39,b2,8a,d1,0e,5e,e4,b9,4b,23,c2,\
"rkeysecu"=hex:f3,b0,5f,cc,83,18,1f,e5,6e,f3,f7,62,26,7d,82,85
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-20 23:32:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-07-20 21:32
.
Vor Suchlauf: 15 Verzeichnis(se), 12.309.528.576 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 12.704.681.984 Bytes frei
.
- - End Of File - - 9B0D47D257A4B106E387F6CB9A4F1587
A36C5E4F47E84449FF07ED3517B43A31
So richtig? Gruß Danny |
|
21.07.2014, 12:18
| #4 |
| /// the machine /// TB-Ausbilder | Mozilla Firefox öffnet unerwünschte Tabs automatisch Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.07.2014, 15:53
| #5 |
| | Mozilla Firefox öffnet unerwünschte Tabs automatisch Hallo schrauber, alles ist ordentlich und ohne Probleme durchgelaufen. Hier die Log-Files: mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.07.2014 Suchlauf-Zeit: 13:38:09 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.21.01 Rootkit Datenbank: v2014.07.17.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Alex_Daniel Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 308245 Verstrichene Zeit: 8 Min, 2 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 16 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [aa7b247e5e1d40f67f5b97f9fd05e31d], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [aa7b247e5e1d40f67f5b97f9fd05e31d], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, In Quarantäne, [0025485a5c1f1620994d8b055ba71ce4], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [60c5f3afb8c388ae46980e8234ceb749], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [60c5f3afb8c388ae46980e8234ceb749], PUP.Optional.WebCake.A, HKU\S-1-5-21-411053833-585597847-4183179001-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [151099097704d66021bc216f1ce646ba], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [5acba9f9d7a486b0fb251a77c63cef11], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [25002181007b42f48a97375a5da560a0], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [a1845a48c2b99d99b6bc814db949a858], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [8c990a987308979f8ebbb23abf437a86], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-411053833-585597847-4183179001-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, In Quarantäne, [879ef2b02e4dd2648d8532d32fd58977], PUP.Optional.DataMngr.A, HKU\S-1-5-21-411053833-585597847-4183179001-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [28fd257def8cd3633f03a65bb0549a66], PUP.Optional.Iminent.A, HKU\S-1-5-21-411053833-585597847-4183179001-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [0c191d85fb80d75f96b424c803fff40c], PUP.Optional.InstallCore.A, HKU\S-1-5-21-411053833-585597847-4183179001-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [a580e1c14338a2944b08f4f7fa08d42c], PUP.Optional.InstallCore.A, HKU\S-1-5-21-411053833-585597847-4183179001-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [73b2475b0774b482e87e22df788cdb25], PUP.Optional.Softonic.A, HKU\S-1-5-21-411053833-585597847-4183179001-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [8c995151a0db81b5b5b6726859a92bd5], Registrierungswerte: 5 PUP.Optional.VideoDownloader.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{77BEC163-D389-42c1-91A4-C758846296A5}, In Quarantäne, [6eb79b07e2990036bf539af68e7424dc], PUP.Optional.VideoDownloader.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{77BEC163-D389-42C1-91A4-C758846296A5}, C:\Program Files\Video downloader\Firefox, In Quarantäne, [6eb79b07e2990036bf539af68e7424dc] PUP.Optional.VideoDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{77BEC163-D389-42C1-91A4-C758846296A5}, C:\Program Files\Video downloader\Firefox, In Quarantäne, [6eb79b07e2990036bf539af68e7424dc] PUP.Optional.VideoDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{77BEC163-D389-42c1-91A4-C758846296A5}, In Quarantäne, [fa2bc6dc0a719e982be76f213bc7cb35], PUP.Optional.InstallCore.A, HKU\S-1-5-21-411053833-585597847-4183179001-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O1C1R1H2Z1S1G1M1F, In Quarantäne, [73b2475b0774b482e87e22df788cdb25] Registrierungsdaten: 0 (No malicious items detected) Ordner: 1 Adware.InstallBrain, C:\ProgramData\IBUpdaterService, In Quarantäne, [1b0a930fa0db31054df6895217ec43bd], Dateien: 2 PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [9a8b574be2991422c9217fa1a15ff907], Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [1b0a930fa0db31054df6895217ec43bd], Physische Sektoren: 0 (No malicious items detected) (end) AdwCleaner[S0] Code:
ATTFilter # AdwCleaner v3.216 - Bericht erstellt am 21/07/2014 um 13:53:12
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Alex_Daniel - ALEX_DANIEL-PC
# Gestartet von : C:\Users\Alex_Daniel\Desktop\adwcleaner_3.216.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Users\Alex_Daniel\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Alex_Daniel\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\Alex_Daniel\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Alex_Daniel\AppData\Roaming\PerformerSoft
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKCU\Software\d4de8db06aba46
Schlüssel Gelöscht : HKLM\SOFTWARE\d4de8db06aba46
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_java-runtime-environment_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_java-runtime-environment_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_media-player-classic_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_media-player-classic_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\Video downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Video downloader
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Alex_Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4dn8v363.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [13587 octets] - [21/07/2014 13:52:57]
AdwCleaner[S0].txt - [13227 octets] - [21/07/2014 13:53:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13288 octets] ##########
JRT.txt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Alex_Daniel on 21.07.2014 at 13:57:52.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-411053833-585597847-4183179001-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-411053833-585597847-4183179001-1000\Software\video downloader
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ FireFox
Emptied folder: C:\Users\Alex_Daniel\AppData\Roaming\mozilla\firefox\profiles\4dn8v363.default\minidumps [12 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.07.2014 at 14:01:14.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Alex_Daniel (administrator) on ALEX_DANIEL-PC on 21-07-2014 16:48:04
Running from C:\Users\Alex_Daniel\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-08-19] (IvoSoft)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-07-15] (LogMeIn Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65E74E461FE2CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {714CE3C3-039B-4B76-9F6F-9EA480F4B5D7} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java 32 bit\bin\ssv.dll No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java 32 bit\bin\jp2ssv.dll No File
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Alex_Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4dn8v363.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java 32 bit\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-29]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-14] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-01-16] ()
S3 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X]
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-01-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-21] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-01-19] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-25] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-21 14:01 - 2014-07-21 14:01 - 00001207 _____ () C:\Users\Alex_Daniel\Desktop\JRT.txt
2014-07-21 13:57 - 2014-07-21 13:57 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 13:56 - 2014-07-21 13:56 - 01016261 _____ (Thisisu) C:\Users\Alex_Daniel\Desktop\JRT.exe
2014-07-21 13:55 - 2014-07-21 13:53 - 00013553 _____ () C:\Users\Alex_Daniel\Desktop\AdwCleaner[S0].txt
2014-07-21 13:52 - 2014-07-21 13:53 - 00000000 ____D () C:\AdwCleaner
2014-07-21 13:51 - 2014-07-21 13:51 - 01354223 _____ () C:\Users\Alex_Daniel\Desktop\adwcleaner_3.216.exe
2014-07-21 13:50 - 2014-07-21 13:50 - 00005212 _____ () C:\Users\Alex_Daniel\Desktop\mbam.txt
2014-07-21 13:37 - 2014-07-21 13:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 13:37 - 2014-07-21 13:37 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-21 13:37 - 2014-07-21 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-21 13:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 13:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 13:36 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-21 13:35 - 2014-07-21 13:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex_Daniel\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 23:32 - 2014-07-20 23:32 - 00017212 _____ () C:\ComboFix.txt
2014-07-20 23:20 - 2014-07-20 23:32 - 00000000 ____D () C:\Qoobox
2014-07-20 23:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-20 23:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-20 23:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-20 23:19 - 2014-07-20 23:31 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 23:18 - 2014-07-20 23:18 - 05561612 ____R (Swearware) C:\Users\Alex_Daniel\Desktop\ComboFix.exe
2014-07-20 21:00 - 2014-07-20 21:00 - 00004452 _____ () C:\Users\Alex_Daniel\Desktop\gmer.txt
2014-07-20 20:36 - 2014-07-20 20:36 - 00380416 _____ () C:\Users\Alex_Daniel\Desktop\Gmer-19357.exe
2014-07-20 20:34 - 2014-07-20 20:34 - 00037440 _____ () C:\Users\Alex_Daniel\Desktop\Addition.txt
2014-07-20 20:33 - 2014-07-21 16:48 - 00010418 _____ () C:\Users\Alex_Daniel\Desktop\FRST.txt
2014-07-20 20:33 - 2014-07-21 16:48 - 00000000 ____D () C:\FRST
2014-07-20 20:31 - 2014-07-20 20:32 - 02089984 _____ (Farbar) C:\Users\Alex_Daniel\Desktop\FRST64.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00050477 _____ () C:\Users\Alex_Daniel\Desktop\Defogger.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00000594 _____ () C:\Users\Alex_Daniel\Desktop\defogger_disable.log
2014-07-20 20:26 - 2014-07-20 20:26 - 00000020 _____ () C:\Users\Alex_Daniel\defogger_reenable
2014-07-16 15:34 - 2014-07-16 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-16 15:34 - 2014-07-16 15:34 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-15 15:51 - 2014-07-15 15:53 - 04996210 _____ (Tim Kosse) C:\Users\Alex_Daniel\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-15 14:01 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-15 14:01 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-15 14:01 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-15 14:01 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-15 14:01 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-15 14:01 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-15 14:01 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-15 14:01 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-15 14:01 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-15 14:01 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-15 14:01 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-15 14:01 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-15 14:01 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-15 14:01 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-15 14:01 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-15 14:01 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-15 14:01 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-15 14:01 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-15 14:01 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-15 14:01 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-15 14:01 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-15 14:01 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-15 14:01 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-15 14:01 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-15 14:01 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-15 14:01 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-15 14:01 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-15 14:01 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-15 14:01 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-15 14:01 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-15 14:01 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-15 14:01 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-15 14:01 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-15 14:01 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-15 14:01 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-15 14:01 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-15 14:01 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-15 14:01 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-15 14:01 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-15 14:01 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-15 14:01 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-15 14:01 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-15 14:01 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-15 14:01 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-15 14:01 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-15 14:01 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-15 14:01 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-15 14:01 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-15 14:01 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-15 14:01 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-15 14:01 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-15 14:01 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-15 14:01 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-15 14:01 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-15 14:01 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-15 14:01 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-15 14:00 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-15 14:00 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-15 14:00 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-15 14:00 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-15 14:00 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-15 14:00 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-15 14:00 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-15 14:00 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-15 13:59 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-15 13:59 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-15 13:59 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-14 14:50 - 2014-07-14 14:50 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Unturned.url
2014-07-10 17:13 - 2014-07-20 22:06 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ftblauncher
2014-07-06 12:10 - 2014-07-06 12:10 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-02 13:31 - 2014-07-14 14:40 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\Warframe
2014-07-02 13:31 - 2014-07-02 13:31 - 00002348 _____ () C:\Users\Alex_Daniel\Desktop\Warframe.lnk
2014-07-02 13:31 - 2014-07-02 13:31 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2014-07-01 14:11 - 2014-07-01 14:11 - 00001486 _____ () C:\Users\Alex_Daniel\Desktop\Project 64.lnk
2014-06-30 23:00 - 2014-06-30 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2014-06-29 13:47 - 2014-06-29 13:47 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\CrashRpt
2014-06-21 13:47 - 2014-06-21 13:47 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Just Cause 2 Multiplayer.url
==================== One Month Modified Files and Folders =======
2014-07-21 16:48 - 2014-07-20 20:33 - 00010418 _____ () C:\Users\Alex_Daniel\Desktop\FRST.txt
2014-07-21 16:48 - 2014-07-20 20:33 - 00000000 ____D () C:\FRST
2014-07-21 16:47 - 2013-03-12 15:53 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\LogMeIn Hamachi
2014-07-21 16:46 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 16:46 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 16:38 - 2013-12-11 16:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-21 16:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 16:38 - 2009-07-14 06:51 - 00155609 _____ () C:\Windows\setupact.log
2014-07-21 14:02 - 2012-12-25 06:15 - 01803414 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 14:01 - 2014-07-21 14:01 - 00001207 _____ () C:\Users\Alex_Daniel\Desktop\JRT.txt
2014-07-21 13:57 - 2014-07-21 13:57 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 13:56 - 2014-07-21 13:56 - 01016261 _____ (Thisisu) C:\Users\Alex_Daniel\Desktop\JRT.exe
2014-07-21 13:53 - 2014-07-21 13:55 - 00013553 _____ () C:\Users\Alex_Daniel\Desktop\AdwCleaner[S0].txt
2014-07-21 13:53 - 2014-07-21 13:52 - 00000000 ____D () C:\AdwCleaner
2014-07-21 13:53 - 2010-11-21 05:47 - 00133412 _____ () C:\Windows\PFRO.log
2014-07-21 13:51 - 2014-07-21 13:51 - 01354223 _____ () C:\Users\Alex_Daniel\Desktop\adwcleaner_3.216.exe
2014-07-21 13:50 - 2014-07-21 13:50 - 00005212 _____ () C:\Users\Alex_Daniel\Desktop\mbam.txt
2014-07-21 13:49 - 2014-07-21 13:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 13:47 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-07-21 13:37 - 2014-07-21 13:37 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-21 13:37 - 2014-07-21 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-21 13:35 - 2014-07-21 13:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex_Daniel\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 23:32 - 2014-07-20 23:32 - 00017212 _____ () C:\ComboFix.txt
2014-07-20 23:32 - 2014-07-20 23:20 - 00000000 ____D () C:\Qoobox
2014-07-20 23:31 - 2014-07-20 23:19 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 23:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-20 23:26 - 2009-07-14 04:34 - 72089600 _____ () C:\Windows\system32\config\software.bak
2014-07-20 23:26 - 2009-07-14 04:34 - 19660800 _____ () C:\Windows\system32\config\system.bak
2014-07-20 23:26 - 2009-07-14 04:34 - 02621440 _____ () C:\Windows\system32\config\default.bak
2014-07-20 23:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-07-20 23:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-07-20 23:19 - 2012-12-26 00:10 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Skype
2014-07-20 23:18 - 2014-07-20 23:18 - 05561612 ____R (Swearware) C:\Users\Alex_Daniel\Desktop\ComboFix.exe
2014-07-20 22:06 - 2014-07-10 17:13 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ftblauncher
2014-07-20 21:00 - 2014-07-20 21:00 - 00004452 _____ () C:\Users\Alex_Daniel\Desktop\gmer.txt
2014-07-20 20:36 - 2014-07-20 20:36 - 00380416 _____ () C:\Users\Alex_Daniel\Desktop\Gmer-19357.exe
2014-07-20 20:34 - 2014-07-20 20:34 - 00037440 _____ () C:\Users\Alex_Daniel\Desktop\Addition.txt
2014-07-20 20:32 - 2014-07-20 20:31 - 02089984 _____ (Farbar) C:\Users\Alex_Daniel\Desktop\FRST64.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00050477 _____ () C:\Users\Alex_Daniel\Desktop\Defogger.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00000594 _____ () C:\Users\Alex_Daniel\Desktop\defogger_disable.log
2014-07-20 20:26 - 2014-07-20 20:26 - 00000020 _____ () C:\Users\Alex_Daniel\defogger_reenable
2014-07-20 20:26 - 2012-12-24 23:21 - 00000000 ____D () C:\Users\Alex_Daniel
2014-07-18 20:47 - 2014-02-17 20:36 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\ftblauncher
2014-07-17 18:32 - 2014-04-16 22:24 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\.minecraft
2014-07-16 21:07 - 2013-12-22 19:14 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\FileZilla
2014-07-16 15:34 - 2014-07-16 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-16 15:34 - 2014-07-16 15:34 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-15 15:53 - 2014-07-15 15:51 - 04996210 _____ (Tim Kosse) C:\Users\Alex_Daniel\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-15 14:12 - 2009-07-14 06:45 - 00276136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 14:10 - 2014-04-30 14:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-15 14:10 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 14:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-15 14:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-15 14:04 - 2013-12-11 14:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-15 14:02 - 2012-12-25 00:19 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-15 13:51 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-14 14:50 - 2014-07-14 14:50 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Unturned.url
2014-07-14 14:40 - 2014-07-02 13:31 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\Warframe
2014-07-14 14:30 - 2013-11-06 16:02 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2014-07-14 14:19 - 2013-03-11 16:48 - 00000000 ____D () C:\Program Files (x86)\Klett
2014-07-14 14:19 - 2012-12-25 01:33 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-12 11:56 - 2012-12-27 20:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 11:56 - 2012-12-27 20:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 16:27 - 2012-12-25 14:15 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ArmA 2 OA
2014-07-10 16:19 - 2012-12-25 16:20 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ArmA 2
2014-07-10 15:40 - 2012-12-25 14:12 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-10 14:02 - 2013-05-09 18:01 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-06 12:10 - 2014-07-06 12:10 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-06 12:10 - 2012-12-25 01:22 - 00001509 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-07-06 12:10 - 2012-12-25 01:21 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-02 13:32 - 2012-12-25 14:15 - 00176899 _____ () C:\Windows\DirectX.log
2014-07-02 13:31 - 2014-07-02 13:31 - 00002348 _____ () C:\Users\Alex_Daniel\Desktop\Warframe.lnk
2014-07-02 13:31 - 2014-07-02 13:31 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2014-07-01 14:16 - 2012-12-24 23:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-01 14:11 - 2014-07-01 14:11 - 00001486 _____ () C:\Users\Alex_Daniel\Desktop\Project 64.lnk
2014-07-01 13:58 - 2013-03-21 17:26 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-30 23:00 - 2014-06-30 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2014-06-30 04:09 - 2014-07-15 14:00 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-15 14:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 13:47 - 2014-06-29 13:47 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\CrashRpt
2014-06-27 20:02 - 2013-07-18 17:22 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\TS3Client
2014-06-27 16:04 - 2012-12-25 22:28 - 00000000 ____D () C:\Users\Alex_Daniel\Documents\My Games
2014-06-22 15:03 - 2013-09-10 19:15 - 00000000 ____D () C:\Users\Alex_Daniel\Documents\Visual Studio 2012
2014-06-21 13:47 - 2014-06-21 13:47 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Just Cause 2 Multiplayer.url
2014-06-21 12:58 - 2014-04-30 14:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
Some content of TEMP:
====================
C:\Users\Alex_Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-09 18:09
==================== End Of Log ============================
gruß Danny |
|
22.07.2014, 10:49
| #6 |
| /// the machine /// TB-Ausbilder | Mozilla Firefox öffnet unerwünschte Tabs automatischESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Mozilla Firefox öffnet unerwünschte Tabs automatisch |
|
22.07.2014, 19:48
| #7 |
| | Mozilla Firefox öffnet unerwünschte Tabs automatisch Hallo, Alles gut durchgelaufen. Kann jetzt wieder mit Internet Explorer auf Websites zugreifen. Dafür ein dickes Dankeschön. Hoffe das sich jetzt keine Websites mehr automatisch öffnen ;-). In jeder Partition ist jetzt der Ordner %Recycle.Bin erstellt worden und in der D-Partition ist auch eine Config.Msi erstellt worden.Diese waren vorher noch nicht da. Was soll ich jetzt mit diesen Dateien tun? Ich hätte auch noch eine Frage: Wie lösche ich die ganzen neuen Programme und Log-Files richtig? Hier die gewünschten Log-Files: Eset Online-Scanner: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4c07b9a3eceb604581727ad941d57582
# engine=19292
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-22 01:17:30
# local_time=2014-07-22 03:17:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 7100 271458340 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 310245 157664900 0 0
# scanned=333839
# found=2
# cleaned=0
# scan_time=6512
sh=EE51BC65E632624027E2DD83F44A75784323D247 ft=1 fh=6e4c94e45ea75834 vn="Win32/Adware.Lollipop.D Anwendung" ac=I fn="D:\Games\Emulatoren\Amiga und N64\N64\setup_Project64_2.1.exe"
sh=9476CB54C1642687F63156C1B19069094CA73C07 ft=1 fh=5f6811352acd3348 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung\Media Player Classic\SoftonicDownloader_fuer_media-player-classic.exe"
SecurityCheck: Code:
ATTFilter Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Alex_Daniel (administrator) on ALEX_DANIEL-PC on 22-07-2014 15:29:34
Running from C:\Users\Alex_Daniel\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-08-19] (IvoSoft)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65E74E461FE2CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {714CE3C3-039B-4B76-9F6F-9EA480F4B5D7} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {714CE3C3-039B-4B76-9F6F-9EA480F4B5D7} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java 32 bit\bin\ssv.dll No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java 32 bit\bin\jp2ssv.dll No File
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Alex_Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4dn8v363.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java 32 bit\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-29]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-01-16] ()
S3 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X]
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-01-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-21] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-01-19] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-25] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-22 15:29 - 2014-07-22 15:29 - 00000000 ____D () C:\Users\Alex_Daniel\Desktop\FRST-OlderVersion
2014-07-22 15:24 - 2014-07-22 15:24 - 00854390 _____ () C:\Users\Alex_Daniel\Desktop\SecurityCheck.exe
2014-07-22 13:19 - 2014-07-22 13:19 - 02347384 _____ (ESET) C:\Users\Alex_Daniel\Downloads\esetsmartinstaller_deu.exe
2014-07-22 13:14 - 2014-07-22 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:14 - 2014-07-22 13:14 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-21 14:01 - 2014-07-21 14:01 - 00001207 _____ () C:\Users\Alex_Daniel\Desktop\JRT.txt
2014-07-21 13:57 - 2014-07-21 13:57 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 13:56 - 2014-07-21 13:56 - 01016261 _____ (Thisisu) C:\Users\Alex_Daniel\Desktop\JRT.exe
2014-07-21 13:55 - 2014-07-21 13:53 - 00013553 _____ () C:\Users\Alex_Daniel\Desktop\AdwCleaner[S0].txt
2014-07-21 13:52 - 2014-07-21 13:53 - 00000000 ____D () C:\AdwCleaner
2014-07-21 13:51 - 2014-07-21 13:51 - 01354223 _____ () C:\Users\Alex_Daniel\Desktop\adwcleaner_3.216.exe
2014-07-21 13:50 - 2014-07-21 13:50 - 00005212 _____ () C:\Users\Alex_Daniel\Desktop\mbam.txt
2014-07-21 13:37 - 2014-07-21 13:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 13:37 - 2014-07-21 13:37 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-21 13:37 - 2014-07-21 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-21 13:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 13:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 13:36 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-21 13:35 - 2014-07-21 13:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex_Daniel\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 23:32 - 2014-07-20 23:32 - 00017212 _____ () C:\ComboFix.txt
2014-07-20 23:20 - 2014-07-20 23:32 - 00000000 ____D () C:\Qoobox
2014-07-20 23:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-20 23:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-20 23:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-20 23:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-20 23:19 - 2014-07-20 23:31 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 23:18 - 2014-07-20 23:18 - 05561612 ____R (Swearware) C:\Users\Alex_Daniel\Desktop\ComboFix.exe
2014-07-20 21:00 - 2014-07-20 21:00 - 00004452 _____ () C:\Users\Alex_Daniel\Desktop\gmer.txt
2014-07-20 20:36 - 2014-07-20 20:36 - 00380416 _____ () C:\Users\Alex_Daniel\Desktop\Gmer-19357.exe
2014-07-20 20:34 - 2014-07-20 20:34 - 00037440 _____ () C:\Users\Alex_Daniel\Desktop\Addition.txt
2014-07-20 20:33 - 2014-07-22 15:29 - 00010965 _____ () C:\Users\Alex_Daniel\Desktop\FRST.txt
2014-07-20 20:33 - 2014-07-22 15:29 - 00000000 ____D () C:\FRST
2014-07-20 20:31 - 2014-07-22 15:29 - 02090496 _____ (Farbar) C:\Users\Alex_Daniel\Desktop\FRST64.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00050477 _____ () C:\Users\Alex_Daniel\Desktop\Defogger.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00000594 _____ () C:\Users\Alex_Daniel\Desktop\defogger_disable.log
2014-07-20 20:26 - 2014-07-20 20:26 - 00000020 _____ () C:\Users\Alex_Daniel\defogger_reenable
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-15 15:51 - 2014-07-15 15:53 - 04996210 _____ (Tim Kosse) C:\Users\Alex_Daniel\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-15 14:01 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-15 14:01 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-15 14:01 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-15 14:01 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-15 14:01 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-15 14:01 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-15 14:01 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-15 14:01 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-15 14:01 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-15 14:01 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-15 14:01 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-15 14:01 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-15 14:01 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-15 14:01 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-15 14:01 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-15 14:01 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-15 14:01 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-15 14:01 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-15 14:01 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-15 14:01 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-15 14:01 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-15 14:01 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-15 14:01 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-15 14:01 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-15 14:01 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-15 14:01 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-15 14:01 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-15 14:01 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-15 14:01 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-15 14:01 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-15 14:01 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-15 14:01 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-15 14:01 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-15 14:01 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-15 14:01 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-15 14:01 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-15 14:01 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-15 14:01 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-15 14:01 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-15 14:01 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-15 14:01 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-15 14:01 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-15 14:01 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-15 14:01 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-15 14:01 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-15 14:01 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-15 14:01 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-15 14:01 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-15 14:01 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-15 14:01 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-15 14:01 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-15 14:01 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-15 14:01 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-15 14:01 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-15 14:01 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-15 14:01 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-15 14:00 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-15 14:00 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-15 14:00 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-15 14:00 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-15 14:00 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-15 14:00 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-15 14:00 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-15 14:00 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-15 14:00 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-15 14:00 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-15 13:59 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-15 13:59 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-15 13:59 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-14 14:50 - 2014-07-14 14:50 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Unturned.url
2014-07-10 17:13 - 2014-07-21 17:16 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ftblauncher
2014-07-06 12:10 - 2014-07-06 12:10 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-02 13:31 - 2014-07-14 14:40 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\Warframe
2014-07-02 13:31 - 2014-07-02 13:31 - 00002348 _____ () C:\Users\Alex_Daniel\Desktop\Warframe.lnk
2014-07-02 13:31 - 2014-07-02 13:31 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2014-07-01 14:11 - 2014-07-01 14:11 - 00001486 _____ () C:\Users\Alex_Daniel\Desktop\Project 64.lnk
2014-06-30 23:00 - 2014-06-30 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2014-06-29 13:47 - 2014-06-29 13:47 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\CrashRpt
==================== One Month Modified Files and Folders =======
2014-07-22 15:30 - 2014-07-20 20:33 - 00010965 _____ () C:\Users\Alex_Daniel\Desktop\FRST.txt
2014-07-22 15:29 - 2014-07-22 15:29 - 00000000 ____D () C:\Users\Alex_Daniel\Desktop\FRST-OlderVersion
2014-07-22 15:29 - 2014-07-20 20:33 - 00000000 ____D () C:\FRST
2014-07-22 15:29 - 2014-07-20 20:31 - 02090496 _____ (Farbar) C:\Users\Alex_Daniel\Desktop\FRST64.exe
2014-07-22 15:29 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 15:29 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 15:25 - 2012-12-25 06:15 - 01815962 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 15:24 - 2014-07-22 15:24 - 00854390 _____ () C:\Users\Alex_Daniel\Desktop\SecurityCheck.exe
2014-07-22 15:22 - 2013-03-12 15:53 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\LogMeIn Hamachi
2014-07-22 15:21 - 2013-12-11 16:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 15:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 15:21 - 2009-07-14 06:51 - 00155889 _____ () C:\Windows\setupact.log
2014-07-22 13:19 - 2014-07-22 13:19 - 02347384 _____ (ESET) C:\Users\Alex_Daniel\Downloads\esetsmartinstaller_deu.exe
2014-07-22 13:14 - 2014-07-22 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:14 - 2014-07-22 13:14 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-21 21:15 - 2012-12-26 00:10 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Skype
2014-07-21 17:16 - 2014-07-10 17:13 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ftblauncher
2014-07-21 14:01 - 2014-07-21 14:01 - 00001207 _____ () C:\Users\Alex_Daniel\Desktop\JRT.txt
2014-07-21 13:57 - 2014-07-21 13:57 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 13:56 - 2014-07-21 13:56 - 01016261 _____ (Thisisu) C:\Users\Alex_Daniel\Desktop\JRT.exe
2014-07-21 13:53 - 2014-07-21 13:55 - 00013553 _____ () C:\Users\Alex_Daniel\Desktop\AdwCleaner[S0].txt
2014-07-21 13:53 - 2014-07-21 13:52 - 00000000 ____D () C:\AdwCleaner
2014-07-21 13:53 - 2010-11-21 05:47 - 00133412 _____ () C:\Windows\PFRO.log
2014-07-21 13:51 - 2014-07-21 13:51 - 01354223 _____ () C:\Users\Alex_Daniel\Desktop\adwcleaner_3.216.exe
2014-07-21 13:50 - 2014-07-21 13:50 - 00005212 _____ () C:\Users\Alex_Daniel\Desktop\mbam.txt
2014-07-21 13:49 - 2014-07-21 13:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 13:47 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-07-21 13:37 - 2014-07-21 13:37 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-21 13:37 - 2014-07-21 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-21 13:35 - 2014-07-21 13:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex_Daniel\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 23:32 - 2014-07-20 23:32 - 00017212 _____ () C:\ComboFix.txt
2014-07-20 23:32 - 2014-07-20 23:20 - 00000000 ____D () C:\Qoobox
2014-07-20 23:31 - 2014-07-20 23:19 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 23:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-20 23:26 - 2009-07-14 04:34 - 72089600 _____ () C:\Windows\system32\config\software.bak
2014-07-20 23:26 - 2009-07-14 04:34 - 19660800 _____ () C:\Windows\system32\config\system.bak
2014-07-20 23:26 - 2009-07-14 04:34 - 02621440 _____ () C:\Windows\system32\config\default.bak
2014-07-20 23:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-07-20 23:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-07-20 23:18 - 2014-07-20 23:18 - 05561612 ____R (Swearware) C:\Users\Alex_Daniel\Desktop\ComboFix.exe
2014-07-20 21:00 - 2014-07-20 21:00 - 00004452 _____ () C:\Users\Alex_Daniel\Desktop\gmer.txt
2014-07-20 20:36 - 2014-07-20 20:36 - 00380416 _____ () C:\Users\Alex_Daniel\Desktop\Gmer-19357.exe
2014-07-20 20:34 - 2014-07-20 20:34 - 00037440 _____ () C:\Users\Alex_Daniel\Desktop\Addition.txt
2014-07-20 20:26 - 2014-07-20 20:26 - 00050477 _____ () C:\Users\Alex_Daniel\Desktop\Defogger.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 00000594 _____ () C:\Users\Alex_Daniel\Desktop\defogger_disable.log
2014-07-20 20:26 - 2014-07-20 20:26 - 00000020 _____ () C:\Users\Alex_Daniel\defogger_reenable
2014-07-20 20:26 - 2012-12-24 23:21 - 00000000 ____D () C:\Users\Alex_Daniel
2014-07-18 20:47 - 2014-02-17 20:36 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\ftblauncher
2014-07-17 18:32 - 2014-04-16 22:24 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\.minecraft
2014-07-16 21:07 - 2013-12-22 19:14 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\FileZilla
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-15 15:53 - 2014-07-15 15:51 - 04996210 _____ (Tim Kosse) C:\Users\Alex_Daniel\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-15 14:12 - 2009-07-14 06:45 - 00276136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 14:10 - 2014-04-30 14:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-15 14:10 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 14:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-15 14:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-15 14:04 - 2013-12-11 14:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-15 14:02 - 2012-12-25 00:19 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-15 13:51 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-14 14:50 - 2014-07-14 14:50 - 00000208 _____ () C:\Users\Alex_Daniel\Desktop\Unturned.url
2014-07-14 14:40 - 2014-07-02 13:31 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\Warframe
2014-07-14 14:30 - 2013-11-06 16:02 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2014-07-14 14:19 - 2013-03-11 16:48 - 00000000 ____D () C:\Program Files (x86)\Klett
2014-07-14 14:19 - 2012-12-25 01:33 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-12 11:56 - 2012-12-27 20:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 11:56 - 2012-12-27 20:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 16:27 - 2012-12-25 14:15 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ArmA 2 OA
2014-07-10 16:19 - 2012-12-25 16:20 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\ArmA 2
2014-07-10 15:40 - 2012-12-25 14:12 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-07-10 14:02 - 2013-05-09 18:01 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-06 12:10 - 2014-07-06 12:10 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-06 12:10 - 2012-12-25 01:22 - 00001509 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-07-06 12:10 - 2012-12-25 01:21 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-02 13:32 - 2012-12-25 14:15 - 00176899 _____ () C:\Windows\DirectX.log
2014-07-02 13:31 - 2014-07-02 13:31 - 00002348 _____ () C:\Users\Alex_Daniel\Desktop\Warframe.lnk
2014-07-02 13:31 - 2014-07-02 13:31 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2014-07-01 14:16 - 2012-12-24 23:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-01 14:11 - 2014-07-01 14:11 - 00001486 _____ () C:\Users\Alex_Daniel\Desktop\Project 64.lnk
2014-07-01 13:58 - 2013-03-21 17:26 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-30 23:00 - 2014-06-30 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2014-06-30 04:09 - 2014-07-15 14:00 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-15 14:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 13:47 - 2014-06-29 13:47 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Local\CrashRpt
2014-06-27 20:02 - 2013-07-18 17:22 - 00000000 ____D () C:\Users\Alex_Daniel\AppData\Roaming\TS3Client
2014-06-27 16:04 - 2012-12-25 22:28 - 00000000 ____D () C:\Users\Alex_Daniel\Documents\My Games
2014-06-22 15:03 - 2013-09-10 19:15 - 00000000 ____D () C:\Users\Alex_Daniel\Documents\Visual Studio 2012
Some content of TEMP:
====================
C:\Users\Alex_Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Alex_Daniel\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-09 18:09
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Viele, vielen Dank für Ihre Bemühungen und Ihre Hilfe. Mit freundlichen Grüßen, Danny Edit: Internet Explorer 11 lässt sich nicht mehr neu installieren mit Windows Updates. Geändert von Danny042899 (22.07.2014 um 14:58 Uhr) Grund: Ergänzung |
|
23.07.2014, 11:22
| #8 | |
| /// the machine /// TB-Ausbilder | Mozilla Firefox öffnet unerwünschte Tabs automatisch Java updaten. Die Ordner wurden nit erstellt, die waren schon immer da, nur versteckt Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.07.2014, 12:21
| #9 |
| | Mozilla Firefox öffnet unerwünschte Tabs automatisch Hi schrauber, Java wurde erfolgreich upgedatet.(Hoffe ich zumindest ;-)) Als ich den Internet Explorer wieder installieren wollte hat es ohne Probleme geklappt. Allerdings hab ich ihn jetzt nicht von Windows Updates installieren lassen sondern habe ihn mir von folgender Internetseite runtergeladen und installiert: hxxp://www.chip.de/downloads/Internet-Explorer-11-64-Bit_62701931.html Vielleicht hat es jetzt geklappt weil ich mein Java upgedatet habe? Ich habe wieder nach Windows Updates gesucht und dann hat er 2 Sicherheitsupdates für Internet Explorer angezeigt die ich sofort installiert habe.Also weiß Windows das ich den IE11 habe obwohl ich ihn mir nicht von Windows geholt habe. Gruß Danny |
|
24.07.2014, 09:31
| #10 |
| /// the machine /// TB-Ausbilder | Mozilla Firefox öffnet unerwünschte Tabs automatisch Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.07.2014, 12:09
| #11 |
| | Mozilla Firefox öffnet unerwünschte Tabs automatisch Hi schrauber, Jetzt läuft alles wieder wie vorher. Ich habe alles so gelöscht wie sie geschrieben haben. Ich hätte aber noch eine kurze Frage:Wie installiere ich mir die Addons NoScript und AdBlock für Firefox richtig? Gruß Danny |
|
24.07.2014, 19:38
| #12 |
| /// the machine /// TB-Ausbilder | Mozilla Firefox öffnet unerwünschte Tabs automatisch Firefox öffnen > Extras > Addons
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.07.2014, 15:50
| #13 |
| | Mozilla Firefox öffnet unerwünschte Tabs automatisch Ok danke hab es aktieviert.Vielen Dank für ihre Hilfe. Sie können das Thema jetzt schließen. Funktioniert alles wieder wie immer. ;-) Gruß Danny |
|
26.07.2014, 08:07
| #14 |
| /// the machine /// TB-Ausbilder | Mozilla Firefox öffnet unerwünschte Tabs automatisch Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
WARNUNG an die MITLESER: 
Linear-Darstellung
