|
Pests of all kinds and how to fight them: Mouse and keyboard no longer respond after trojan removal. Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
22.07.2014, 01:46 | #1 |
| Mouse and keyboard no longer respond after trojan removal. Hello. I have to write all of this from my phone, so sorry for any spelling mistakes. What happened is that I first wanted to delete UPlay because I no longer need it. When I went into the folder I wanted to delete the files, but that did not work because they were damaged, which surprised me. A message also appeared at the bottom right telling me to run CHKDSK; I thought nothing of it. Later I wanted to start DayZ Commander (the reason does not matter, I think), and when I did, the same error message came up. That was slowly starting to scare me, so I decided to run a scan with my AVG, which I did. When it finished it had found 1 virus, which was also deleted. Shortly afterwards I decided to run Trojan Remover, JRT and AdwCleaner as well. Trojan Remover found 2 viruses: one was a debug entry for Task Manager, which was fine because that was my doing, and the other was cmd with utilman.exe, which meant nothing to me, so I took it for a threat, disabled it and deleted it from the registry via Trojan Remover. I did not restart my PC and ran AdwCleaner and JRT right afterwards. AdwCleaner did not really do much, but JRT did find one threat. After everything was finished (AVG, JRT, AdwCleaner and Trojan Remover) I also ran CHKDSK and then restarted my PC, and CHKDSK went to work. When it was done I was asked whether I wanted to start in Safe Mode; I decided no and started normally. And when the PC reached the Windows 7 "Starting Windows" screen, the LED lights of my mouse and keyboard went off and I was confused. The mouse and keyboard did not respond at all. After that I tried starting my PC in Safe Mode, but that did not help. I had also already tried unplugging and replugging the mouse and keyboard cables, which did not help either. So that is all I can say about it.
I hope you can help me. Best regards, Alex |
22.07.2014, 07:54 | #2 |
/// the machine /// TB Trainer | Mouse and keyboard no longer respond after trojan removal. hi,
__________________Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
22.07.2014, 12:50 | #3 |
| Mouse and keyboard no longer respond after trojan removal. Hello.
__________________Here are the logs from FRST.txt FRST Logfile: Code:
Super Software 2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2014-07-22 00:53 - 2014-07-22 00:52 - 21407864 _____ (Simply Super Software ) C:\Users\User\Downloads\trjsetup690.exe 2014-07-21 23:32 - 2012-10-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2014-07-21 23:28 - 2014-07-21 23:27 - 61513304 _____ (Ubisoft) C:\Users\User\Downloads\UplayInstaller.exe 2014-07-21 21:55 - 2012-10-04 12:15 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-07-21 21:55 - 2012-10-04 12:15 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-07-21 18:28 - 2014-07-21 18:27 - 00001572 _____ () C:\Users\Public\Desktop\Blitzkrieg Mod.lnk 2014-07-21 18:28 - 2014-07-21 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blitzkrieg Mod 2014-07-21 18:00 - 2014-07-21 17:57 - 00000000 ____D () C:\Users\User\Desktop\l 2014-07-21 14:42 - 2014-07-21 13:14 - 2068609615 _____ (Blitzkrieg Mod Team ) C:\Users\User\Desktop\Blitzkrieg_4.8.0.0_Complete.exe 2014-07-21 13:42 - 2014-06-13 23:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify 2014-07-21 13:16 - 2014-07-21 13:14 - 50922509 _____ (Blitzkrieg Mod Team ) C:\Users\User\Desktop\Blitzkrieg_4.8.1.0_Patch.exe 2014-07-21 12:00 - 2012-10-08 10:09 - 00000000 ____D () C:\Users\User\Documents\My Games 2014-07-20 17:46 - 2012-11-05 13:38 - 00000000 ____D () C:\Users\User\AppData\Local\ArmA 2 OA 2014-07-19 22:36 - 2014-07-19 22:36 - 00001873 _____ () C:\Users\User\Desktop\Defiance.lnk 2014-07-19 22:36 - 2014-07-19 22:35 - 00000000 ____D () C:\Program Files (x86)\Glyph 2014-07-19 22:35 - 2014-07-19 22:35 - 00000939 _____ () C:\Users\User\Desktop\Glyph.lnk 2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\Users\User\AppData\Local\Glyph 2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Glyph 
2014-07-19 18:15 - 2014-07-19 18:15 - 00000382 _____ () C:\Windows\DirectX.log 2014-07-19 17:25 - 2013-04-15 11:04 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-18 22:52 - 2012-11-20 00:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client 2014-07-18 19:31 - 2014-07-18 19:24 - 00000000 ____D () C:\Users\User\AppData\Local\QQSM 2014-07-18 19:24 - 2014-07-18 09:29 - 00000000 ____D () C:\ProgramData\Solid State Networks 2014-07-18 14:24 - 2014-07-18 14:24 - 00003124 _____ () C:\Windows\System32\Tasks\{4B9D0582-BDE0-4C1E-B2D8-9A6F6DA79C8B} 2014-07-18 14:23 - 2014-06-28 15:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tropico 4 2014-07-18 11:22 - 2014-04-12 11:27 - 00000000 ____D () C:\Users\User\AppData\Local\Arma 3 2014-07-18 11:14 - 2014-07-18 11:14 - 00000090 _____ () C:\Users\User\Desktop\..txt 2014-07-18 09:54 - 2014-07-18 09:54 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-15 17:55 - 2013-10-02 17:17 - 00000023 _____ () C:\Windows\BlendSettings.ini 2014-07-15 00:06 - 2014-07-14 23:52 - 00001416 _____ () C:\Users\User\Desktop\Oblivion Mod Manager.lnk 2014-07-15 00:06 - 2014-07-14 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager 2014-07-14 14:40 - 2014-06-13 23:41 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify 2014-07-12 15:25 - 2014-07-12 15:25 - 00000000 ____D () C:\Program Files (x86)\Oblivion 2014-07-12 12:52 - 2014-05-27 12:33 - 00000000 ____D () C:\Users\User\Desktop\sprengel1974@mail.ru - Почта Mail.Ru-Dateien 2014-07-12 12:50 - 2014-07-09 22:05 - 00000000 ____D () C:\Users\User\Desktop\Neuer Ordner 2014-07-12 02:53 - 2014-07-12 02:53 - 00001133 _____ () C:\Users\User\Desktop\Cheat Engine 6.3 (64-bit).lnk 2014-07-10 13:40 - 2012-11-12 22:51 - 00000000 ____D () C:\Users\User\Desktop\Musik 2014-07-09 22:04 - 2014-07-09 22:04 - 00000222 _____ () C:\Users\User\Desktop\Arma 3.url 2014-07-09 22:04 - 2012-10-03 00:18 - 00000000 ____D () 
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-07-09 22:01 - 2014-07-09 22:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\globalip 2014-07-09 18:49 - 2012-06-01 17:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 18:49 - 2012-06-01 17:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 18:49 - 2012-06-01 17:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 17:41 - 2014-07-09 17:41 - 00000000 ____D () C:\Users\User\AppData\Local\WSplitTimer 2014-07-08 19:27 - 2014-06-26 22:45 - 00000000 ____D () C:\Users\User\AppData\Local\Game Dev Tycoon - Steam 2014-07-08 12:27 - 2014-07-08 12:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-06 10:51 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-03 19:08 - 2012-10-02 23:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-07-03 17:40 - 2012-11-20 00:50 - 00000000 ____D () C:\Users\User\AppData\Local\TeamSpeak 3 Client 2014-07-03 15:59 - 2014-05-29 00:35 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-07-03 15:58 - 2014-05-29 00:31 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-07-03 15:58 - 2013-01-29 20:51 - 00000000 ____D () C:\ProgramData\Origin 2014-07-03 15:56 - 2014-07-03 15:56 - 00000089 _____ () C:\Users\User\.atl.properties 2014-07-03 12:27 - 2014-04-02 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-07-03 12:27 - 2013-09-24 18:01 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-07-01 14:09 - 2012-10-01 18:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-06-28 15:38 - 2014-06-28 15:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kalypso Media 2014-06-26 09:25 - 2014-06-26 09:25 - 00000222 _____ () C:\Users\User\Desktop\resident evil 4 biohazard 4.url 2014-06-24 11:28 - 
2014-06-18 13:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-24 11:21 - 2013-02-13 22:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++
2014-06-24 11:20 - 2013-09-24 18:00 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-23 22:59 - 2014-06-23 22:59 - 00000000 ____D () C:\Users\User\Documents\NBGI
2014-06-23 22:58 - 2014-06-23 22:58 - 00000000 ____D () C:\Users\User\AppData\Local\NBGI
2014-06-23 17:44 - 2013-12-01 23:50 - 00000000 ____D () C:\Users\User\Documents\Stronghold Crusader
2014-06-23 17:29 - 2014-06-03 20:29 - 00001054 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk

Files to move or delete:
====================
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\drm_dialogs.dll
C:\Users\User\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\User\AppData\Local\Temp\jansi-64-git-Spigot-1.7.2-R0.3-133-gf5f9a0d.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-20 07:07
==================== End Of Log ============================

And here is Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by User at 2014-07-22 13:46:41
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Addon Sync 2009 (HKLM-x32\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions)
applicationupdater (HKCU\...\SOE-C:/Users/User/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
ARMA 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
ARMA 2 Dedicated Server (HKLM-x32\...\Steam App 33905) (Version: - Bohemia Interactive)
ARMA 2: British Armed Forces - Data cache removal (HKLM-x32\...\A2BAF Data cache removal) (Version: - )
Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version: - Bohemia
Interactive) ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) ARMA 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version: - ) ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version: - ) Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version: - Bohemia Interactive) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) ArmA II Launcher (HKLM-x32\...\{EACFCDA4-3286-4DEB-92D8-53006239F347}) (Version: 1.4.1.0 - Spirited Machine) Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft) Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.) Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies) AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH) B110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden Battlefield 2(TM) Demo (HKLM-x32\...\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}) (Version: - ) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin) Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden BitTorrent (HKCU\...\BitTorrent) (Version: 
7.9.2.32355 - BitTorrent Inc.) Blitzkrieg Mod version 4.8.1.0 (HKLM-x32\...\{81EC7B6D-B297-4820-B5BE-5A2373725158}_is1) (Version: 4.8.1.0 - Blitzkrieg Mod Team) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden Camtasia Studio 8 (HKLM-x32\...\{50542AEE-76BD-4BCD-A890-E2FF4D4E051A}) (Version: 8.0.1.903 - TechSmith Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Company of Heroes (HKLM-x32\...\Steam App 4560) (Version: - Relic Entertainment) Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic) Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome LLC) Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - ) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DayZ Commander (HKLM-x32\...\{5FB0FF9D-FAFB-4395-BE6D-CCCDF7C035A2}) (Version: 0.9.99 - Dotjosh Studios) Defiance (HKLM-x32\...\Glyph Defiance) (Version: - Trion Worlds, Inc.) 
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment) Eternal Damnation: A Postal 2 Modification (HKLM-x32\...\Eternal Damnation: A Postal 2 Modification) (Version: - ) Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) Euro Truck Simulator 2 Multiplayer 0.1.0.4.2.2 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.0.4.2.2 Alpha - ETS2MP Team) Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) File Repair (HKLM-x32\...\File Repair_is1) (Version: - File Repair) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games) GameRanger (HKCU\...\GameRanger) (Version: - GameRanger Technologies) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden HAWKEN (HKLM-x32\...\Steam App 271290) (Version: - Adhesive Games) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{E7A3B455-76AD-423A-AE5E-F431C69BF2B0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) 
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle) Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) Kalydo Player 4.10.02 (HKCU\...\KalydoPlayer) (Version: 4.10.02 - Eximion B.V.) Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive) League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) 
Hidden Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 
x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.5.0) (Version: 4.0.5.0 - Locktime Software) NetLimiter 4 (Version: 4.0.5.0 - Locktime Software) Hidden Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - ) NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install 
Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Oblivion - BTmod 2.20 (HKLM-x32\...\BTmod) (Version: 2.20 - Beider & Tikigod) Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip) ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Pamela RME 2.0 (HKLM-x32\...\MoodEditor) (Version: 2.0 - Scendix Software-Vertriebsges. mbH) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) 
Plus500 (HKLM-x32\...\Plus500) (Version: - ) PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0142 - REALTEK Semiconductor Corp.) resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version: - Capcom) San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.0) (Version: - ) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version: - Croteam) Serious Sam Classic: The Second Encounter (HKLM-x32\...\Steam App 41060) (Version: - Croteam) Serious Sam Classics: Revolution (HKLM-x32\...\Steam App 227780) (Version: - Croteam) SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve) Spooky Sounds (HKLM-x32\...\{F71EBF86-9A73-44C0-A674-55FA3E4A8428}) (Version: 2.1.1 - Screaming Bee) Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB) Starbound (HKLM-x32\...\Steam App 211820) (Version: - ) State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs) Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stronghold Crusader Extreme HD (HKLM-x32\...\Steam App 16700) (Version: - Firefly Studios) Stronghold Crusader HD (HKLM-x32\...\Steam App 40970) (Version: - FireFly Studios) Studie zur Verbesserung von HP ENVY 4500 series (HKLM\...\{3194AEE7-4546-433C-BB55-876F5DA427F8}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh) System Requirements Lab CYRI (HKLM-x32\...\{E77DA909-3532-4C95-AFEB-06310E88462A}) (Version: 6.0.3.0 - Husdawg, LLC) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - ) The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios) Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Trojan Remover 6.9.1.2931 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1.2931 - 
Simply Super Software) Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games) Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment) WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.4.0.1420 - 1&1 Mail & Media GmbH) WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) X3: Terran Conflict (HKLM-x32\...\Steam App 2820) (Version: - Egosoft) XEOX Gamepad SL-6556-BK (HKLM-x32\...\{5E7F3FD4-503B-4451-B2EB-AC8C82DBA32F}) (Version: 1.00.0000 - ) ==================== Restore Points ========================= 19-07-2014 15:24:48 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 19-07-2014 15:25:26 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 19-07-2014 16:14:58 DirectX wurde installiert 21-07-2014 22:50:10 Removed VPNAutoconnect ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1603A121-82F7-4460-89E7-C49C00905E6E} - \{BFDBEB8F-905C-4796-BA31-7C2F0FFE900E} No Task File <==== ATTENTION Task: {293942C5-8E7A-4C5B-98AB-5A26FA3BC700} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.) 
Task: {2C2C2BE8-E60B-49BF-A854-1267A975238B} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION Task: {4B39FFBA-3406-49B1-9215-1C3958D6EFF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {59524788-2669-4BB5-BC44-625C32F9D29C} - System32\Tasks\{54AF1CD1-6281-4B3F-83A4-633E284D0DFD} => C:\Riot Games\League of Legends\lol.launcher.exe [2012-04-24] () Task: {60AA8270-E65C-47B5-813D-7D94C591E3A0} - \CCleanerSkipUAC No Task File <==== ATTENTION Task: {68EF1C1B-AB08-46E7-9797-A0A474C86293} - System32\Tasks\{215B91F3-6CDC-4BBF-8379-229088DB16D0} => C:\Riot Games\League of Legends\lol.launcher.exe [2012-04-24] () Task: {6C2403C5-F53A-4758-A985-9188999D93D1} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION Task: {82586FDF-02DA-4D03-AE4F-CE8B7E51F06B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\User\AppData\Roaming\Need for Speed World\googleupd.exe Task: {9621AD92-6C15-4760-8EC4-A1B84E411425} - System32\Tasks\Games\UpdateCheck_S-1-5-21-869631257-1735827054-2329503079-1000 Task: {A524F8BA-FD56-455C-8119-D2ED34DECAAF} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {A82643E1-C2E1-492C-90CE-1DAEE1E137F5} - System32\Tasks\{395871AA-F047-4D35-B222-D484B8CD35BE} => C:\Users\User\Desktop\InstallPlus500.exe Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe Task: {AC7CBFEB-6DC7-415F-9147-683300BDFF35} - System32\Tasks\{3DEC6076-293B-46F0-B32E-28CD441AF536} => C:\Users\User\Downloads\battlefield2demo.exe Task: {BA8F891F-6575-4188-8E13-608193B5B6EF} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION Task: {C82CBE64-6849-48D1-A1D8-34BE426C7CDF} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION Task: {CADC7260-7244-449D-A8B6-070EB0A5F2B5} - 
System32\Tasks\{E89638DD-758C-4BF3-ACC0-14BEACB9DA2A} => C:\Program Files (x86)\SIX Networks\Play withSIX\Play withSIX.exe Task: {D657B4FD-79E5-41D3-80EC-DA1ABA17E668} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {E082FC20-8E65-414A-AC2F-3ECCD5EC6FC3} - \Dealply No Task File <==== ATTENTION Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2009-07-14] (Microsoft Corporation) Task: {EEB5D033-08C0-42FA-B696-A068B178D9BF} - \{0A2DD9E1-CB29-4304-BD86-C0D0AE4361FC} No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-06-01 17:27 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2014-05-23 17:24 - 2013-10-29 13:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2013-07-13 20:52 - 2014-05-29 12:20 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-08-22 10:57 - 2013-08-22 10:57 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe 2014-05-23 17:24 - 2012-12-11 11:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2014-05-07 19:58 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll 2014-04-23 16:30 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll 2014-05-07 19:58 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll 2014-01-08 16:16 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll 2013-03-12 18:10 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2014-05-07 19:58 - 2014-07-16 
04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll 2014-05-07 19:58 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll 2012-10-01 18:51 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2012-10-01 18:51 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-05-23 17:24 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2014-03-18 17:54 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll 2014-05-23 17:24 - 2013-11-05 16:31 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll 2014-06-18 13:04 - 2014-06-18 13:04 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk => C:\Windows\pss\GameRanger.lnk.Startup MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent MSCONFIG\startupreg: Akamai NetSession Interface => 
"C:\Users\User\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: BitTorrent => "C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: NetLimiter => "C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe" /minimized MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent MSCONFIG\startupreg: RazerGameBooster => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: uTorrent => "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED ==================== Faulty Device Manager Devices 
============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2014 01:42:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DayZCommander.exe, Version: 0.9.1.90, Zeitstempel: 0x52083ff2 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x185c Startzeit der fehlerhaften Anwendung: 0xDayZCommander.exe0 Pfad der fehlerhaften Anwendung: DayZCommander.exe1 Pfad des fehlerhaften Moduls: DayZCommander.exe2 Berichtskennung: DayZCommander.exe3 Error: (07/22/2014 01:42:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: DayZCommander.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.TypeInitializationException Stapel: bei Dotjosh.DayZCommander.App.App.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei 
System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei Dotjosh.DayZCommander.App.App.Main() Error: (07/22/2014 01:41:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DayZCommander.exe, Version: 0.9.1.90, Zeitstempel: 0x52083ff2 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x1008 Startzeit der fehlerhaften Anwendung: 0xDayZCommander.exe0 Pfad der fehlerhaften Anwendung: DayZCommander.exe1 Pfad des fehlerhaften Moduls: DayZCommander.exe2 Berichtskennung: DayZCommander.exe3 Error: (07/22/2014 01:41:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: DayZCommander.exe Frameworkversion: v4.0.30319 Beschreibung: Der 
Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.TypeInitializationException Stapel: bei Dotjosh.DayZCommander.App.App.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei 
System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei Dotjosh.DayZCommander.App.App.Main() Error: (07/22/2014 01:35:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/22/2014 01:35:19 PM) (Source: NetLimiter 4 Service) (EventID: 1000) (User: ) Description: [Main.cpp (71)] CNLNativeSvc::OnStart: Die Datei oder Assembly "System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegebene Datei nicht finden. Error: (07/22/2014 01:35:18 PM) (Source: CoreLib) (EventID: 1000) (User: ) Description: Die Datei oder Assembly "System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegebene Datei nicht finden. Error: (07/22/2014 02:18:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/22/2014 02:17:19 AM) (Source: NetLimiter 4 Service) (EventID: 1000) (User: ) Description: [Main.cpp (71)] CNLNativeSvc::OnStart: Die Datei oder Assembly "System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegebene Datei nicht finden. 
Error: (07/22/2014 02:17:19 AM) (Source: CoreLib) (EventID: 1000) (User: ) Description: Die Datei oder Assembly "System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegebene Datei nicht finden. System errors: ============= Error: (07/22/2014 01:37:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/22/2014 02:49:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (07/22/2014 02:49:53 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (07/22/2014 02:17:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TeamViewer 9" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/22/2014 02:17:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TeamViewer 9 erreicht. 
Error: (07/22/2014 02:01:54 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (07/22/2014 02:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/22/2014 02:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/22/2014 02:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/22/2014 02:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (07/22/2014 01:42:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: DayZCommander.exe0.9.1.9052083ff2KERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41f185c01cfa5a1f4a448c8C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exeC:\Windows\syswow64\KERNELBASE.dll32b042c7-1195-11e4-924f-902b3496f010 Error: (07/22/2014 01:42:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: DayZCommander.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei Dotjosh.DayZCommander.App.App.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei 
System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei Dotjosh.DayZCommander.App.App.Main() Error: (07/22/2014 01:41:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: DayZCommander.exe0.9.1.9052083ff2KERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41f100801cfa5a1e716b1ebC:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exeC:\Windows\syswow64\KERNELBASE.dll29355d3e-1195-11e4-924f-902b3496f010 Error: (07/22/2014 01:41:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: DayZCommander.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.TypeInitializationException Stapel: bei Dotjosh.DayZCommander.App.App.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() 
bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei Dotjosh.DayZCommander.App.App.Main() Error: (07/22/2014 01:35:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/22/2014 01:35:19 PM) (Source: NetLimiter 4 Service) (EventID: 1000) (User: ) Description: [Main.cpp (71)] CNLNativeSvc::OnStart: Die Datei oder Assembly "System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegebene Datei nicht finden. 
Error: (07/22/2014 01:35:18 PM) (Source: CoreLib) (EventID: 1000) (User: ) Description: Die Datei oder Assembly "System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegebene Datei nicht finden. Error: (07/22/2014 02:18:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/22/2014 02:17:19 AM) (Source: NetLimiter 4 Service) (EventID: 1000) (User: ) Description: [Main.cpp (71)] CNLNativeSvc::OnStart: Die Datei oder Assembly "System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegebene Datei nicht finden. Error: (07/22/2014 02:17:19 AM) (Source: CoreLib) (EventID: 1000) (User: ) Description: Die Datei oder Assembly "System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegebene Datei nicht finden. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 8173.55 MB Available physical RAM: 5527.81 MB Total Pagefile: 16345.29 MB Available Pagefile: 13623.24 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:414.77 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D17BE2AA) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.07.2014, 08:18 | #4 |
/// the machine /// TB trainer | Mouse and keyboard no longer respond after fighting a Trojan. hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.07.2014, 10:25 | #5 |
| Mouse and keyboard no longer respond after fighting a Trojan. Hello. Here are the logs. Code:
ComboFix 14-07-22.01 - User 23.07.2014 11:00:24.1.6 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.5952 [GMT 2:00] ausgeführt von:: c:\users\User\Desktop\ComboFix.exe AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\AMMYY c:\programdata\AMMYY\hr c:\programdata\AMMYY\hr3 c:\programdata\AMMYY\settings3.bin c:\users\User\AppData\Local\Plus500 c:\users\User\AppData\Local\Plus500\Languages\de\Images\BigLoading.gif c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_AutoYScaleDown.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_AutoYScaleUp.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_Cancel.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_cashier.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_ChartSettings.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_CrosshairDown.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_CrosshairUp.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_DemoMode.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_downarrow_red.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_Help.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_MoveDown.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_MoveUp.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_OK.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_RateAlerts.png c:\users\User\AppData\Local\Plus500\Languages\de\Images\but_RealMode.png 
c:\users\User\AppData\Roaming\dclogs\2013-10-13-1.dc c:\users\User\AppData\Roaming\dclogs\2013-10-14-2.dc c:\users\User\AppData\Roaming\dclogs\2013-10-15-3.dc c:\users\User\AppData\Roaming\dclogs\2013-10-16-4.dc c:\users\User\AppData\Roaming\dclogs\2013-10-17-5.dc c:\users\User\AppData\Roaming\dclogs\2013-10-18-6.dc c:\users\User\AppData\Roaming\dclogs\2013-10-19-7.dc c:\users\User\AppData\Roaming\dclogs\2013-10-20-1.dc c:\users\User\AppData\Roaming\dclogs\2013-10-21-2.dc c:\users\User\AppData\Roaming\dclogs\2013-10-22-3.dc c:\users\User\AppData\Roaming\dclogs\2013-10-23-4.dc c:\users\User\AppData\Roaming\dclogs\2013-10-24-5.dc c:\users\User\AppData\Roaming\dclogs\2013-10-25-6.dc c:\users\User\AppData\Roaming\dclogs\2013-10-26-7.dc c:\users\User\AppData\Roaming\dclogs\2013-10-27-1.dc c:\users\User\AppData\Roaming\dclogs\2013-10-28-2.dc c:\users\User\AppData\Roaming\dclogs\2013-10-29-3.dc c:\users\User\AppData\Roaming\dclogs\2013-10-30-4.dc c:\users\User\AppData\Roaming\dclogs\2013-11-02-7.dc c:\users\User\AppData\Roaming\dclogs\2013-11-03-1.dc c:\users\User\AppData\Roaming\dclogs\2013-11-04-2.dc c:\users\User\AppData\Roaming\dclogs\2013-11-05-3.dc c:\windows\SysWow64\Dump c:\windows\SysWow64\Dump\MiniDump.dmp . c:\windows\system32\drivers\null.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_055adf2434ae116e\null.sys wurde wiederhergestellt . c:\windows\system32\drivers\afd.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22467_none_3664bb7a8e504068\afd.sys wurde wiederhergestellt . c:\windows\system32\drivers\ndis.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys wurde wiederhergestellt . 
c:\windows\system32\drivers\ndisuio.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-ndisuio_31bf3856ad364e35_6.1.7601.17514_none_ca170d32fd7da822\ndisuio.sys wurde wiederhergestellt . c:\windows\system32\drivers\netbios.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-netbios_31bf3856ad364e35_6.1.7600.16385_none_b5d6a9d184d05567\netbios.sys wurde wiederhergestellt . c:\windows\system32\drivers\usbehci.sys fehlte Kopie von - c:\windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.18251_none_1bba07da1a507182\usbehci.sys wurde wiederhergestellt . c:\windows\system32\drivers\intelppm.sys fehlte Kopie von - c:\windows\winsxs\amd64_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_b93f4c460912265a\intelppm.sys wurde wiederhergestellt . c:\windows\system32\drivers\tcpip.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys wurde wiederhergestellt . c:\windows\system32\drivers\netbt.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys wurde wiederhergestellt . c:\windows\system32\drivers\asyncmac.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_804cc08a4e8a4516\asyncmac.sys wurde wiederhergestellt . c:\windows\system32\drivers\cdrom.sys fehlte Kopie von - c:\windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys wurde wiederhergestellt . c:\windows\system32\drivers\Serial.sys fehlte Kopie von - c:\windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys wurde wiederhergestellt . c:\windows\system32\drivers\ndproxy.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a\ndproxy.sys wurde wiederhergestellt . 
c:\windows\system32\drivers\ws2ifsl.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys wurde wiederhergestellt . c:\windows\system32\drivers\i8042prt.sys fehlte Kopie von - c:\windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys wurde wiederhergestellt . c:\windows\system32\drivers\tdx.sys fehlte Kopie von - c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2014-06-23 bis 2014-07-23 )))))))))))))))))))))))))))))) . . 2014-07-23 09:12 . 2014-07-23 09:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-23 09:12 . 2010-11-21 03:24 119296 ----a-w- c:\windows\SysWow64\drivers\tdx.sys 2014-07-23 09:12 . 2009-07-13 23:19 105472 ----a-w- c:\windows\SysWow64\drivers\i8042prt.sys 2014-07-23 09:12 . 2009-07-14 00:10 21504 ----a-w- c:\windows\SysWow64\drivers\ws2ifsl.sys 2014-07-23 09:12 . 2010-11-21 03:24 57856 ----a-w- c:\windows\SysWow64\drivers\ndproxy.sys 2014-07-23 09:12 . 2009-07-14 00:00 94208 ----a-w- c:\windows\SysWow64\drivers\Serial.sys 2014-07-23 09:12 . 2010-11-21 03:23 147456 ----a-w- c:\windows\SysWow64\drivers\cdrom.sys 2014-07-23 09:12 . 2009-07-14 00:10 23040 ----a-w- c:\windows\SysWow64\drivers\asyncmac.sys 2014-07-23 09:12 . 2010-11-21 03:23 261632 ----a-w- c:\windows\SysWow64\drivers\netbt.sys 2014-07-23 09:12 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\SysWow64\drivers\tcpip.sys 2014-07-23 09:12 . 2009-07-13 23:19 62464 ----a-w- c:\windows\SysWow64\drivers\intelppm.sys 2014-07-23 09:11 . 2013-09-04 12:11 52736 ----a-w- c:\windows\SysWow64\drivers\usbehci.sys 2014-07-23 09:11 . 2009-07-14 00:09 44544 ----a-w- c:\windows\SysWow64\drivers\netbios.sys 2014-07-23 09:11 . 
2010-11-21 03:24 56832 ----a-w- c:\windows\SysWow64\drivers\ndisuio.sys 2014-07-23 09:11 . 2012-08-22 18:12 950128 ----a-w- c:\windows\SysWow64\drivers\ndis.sys 2014-07-23 09:11 . 2013-09-28 01:14 496128 ----a-w- c:\windows\SysWow64\drivers\afd.sys 2014-07-23 09:11 . 2009-07-13 23:19 6144 ----a-w- c:\windows\SysWow64\drivers\null.sys 2014-07-22 11:45 . 2014-07-22 11:47 -------- d-----w- C:\FRST 2014-07-21 23:34 . 2014-07-21 23:34 -------- d-----w- C:\found.000 2014-07-21 23:07 . 2014-07-21 23:07 -------- d-----w- c:\windows\ERUNT 2014-07-21 22:58 . 2014-07-21 22:58 -------- d-----w- c:\program files (x86)\Repair File 2014-07-21 22:57 . 2014-07-21 22:57 -------- d-----w- c:\programdata\Licenses 2014-07-21 22:53 . 2014-07-21 22:53 -------- d-----w- c:\users\User\AppData\Roaming\Simply Super Software 2014-07-21 22:53 . 2014-07-21 22:54 -------- d-----w- c:\program files (x86)\Trojan Remover 2014-07-21 22:53 . 2014-07-21 22:53 -------- d-----w- c:\programdata\Simply Super Software 2014-07-19 20:35 . 2014-07-19 20:35 -------- d-----w- c:\users\User\AppData\Local\Glyph 2014-07-19 20:35 . 2014-07-19 20:35 -------- d-----w- c:\programdata\Glyph 2014-07-19 20:35 . 2014-07-19 20:36 -------- d-----w- c:\program files (x86)\Glyph 2014-07-18 17:24 . 2014-07-18 17:31 -------- d-----w- c:\users\User\AppData\Local\QQSM 2014-07-18 07:54 . 2014-07-18 07:54 -------- d-----w- c:\programdata\Riot Games 2014-07-18 07:29 . 2014-07-18 17:24 -------- d-----w- c:\programdata\Solid State Networks 2014-07-13 01:21 . 2014-07-13 01:21 -------- d-----w- c:\users\User\AppData\Roaming\HeroesAndGeneralsDesktop 2014-07-12 13:25 . 2014-07-12 13:25 -------- d-----w- c:\program files (x86)\Oblivion 2014-07-09 20:01 . 2014-07-09 20:01 -------- d-----w- c:\users\User\AppData\Roaming\globalip 2014-07-09 15:41 . 2014-07-09 15:41 -------- d-----w- c:\users\User\AppData\Local\WSplitTimer 2014-06-28 13:40 . 2014-07-18 12:23 -------- d-----w- c:\users\User\AppData\Roaming\Tropico 4 2014-06-28 13:38 . 
2014-06-28 13:38 -------- d-----w- c:\users\User\AppData\Roaming\Kalypso Media 2014-06-26 20:45 . 2014-07-08 17:27 -------- d-----w- c:\users\User\AppData\Local\Game Dev Tycoon - Steam 2014-06-23 20:58 . 2014-06-23 20:58 -------- d-----w- c:\users\User\AppData\Local\NBGI . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-09 16:49 . 2012-06-01 15:34 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-09 16:49 . 2012-06-01 15:34 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-06-17 14:21 . 2014-06-17 14:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2014-06-17 14:07 . 2014-06-17 14:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys 2014-06-17 14:06 . 2014-06-17 14:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2014-06-17 14:06 . 2014-06-17 14:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2014-06-17 14:06 . 2014-06-17 14:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2014-06-17 14:06 . 2014-06-17 14:06 153368 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2014-06-17 14:06 . 2014-06-17 14:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-06-17 14:06 . 2014-06-17 14:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2014-06-05 22:49 . 2013-07-13 18:52 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-06-05 22:49 . 2012-10-02 15:24 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-06-03 18:04 . 2012-10-01 21:23 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-05-29 23:07 . 2014-06-02 13:33 1291232 ----a-w- c:\windows\SysWow64\nvspbridge.dll 2014-05-29 23:07 . 2013-10-28 22:04 1122312 ----a-w- c:\windows\SysWow64\nvspcap.dll 2014-05-29 23:07 . 2014-06-02 13:33 1715176 ----a-w- c:\windows\system32\nvspbridge64.dll 2014-05-29 23:07 . 2013-10-28 22:04 1279480 ----a-w- c:\windows\system32\nvspcap64.dll 2014-05-29 10:20 . 
2013-07-13 18:52 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2014-05-24 14:10 . 2014-05-24 14:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-05-24 14:06 . 2014-01-03 14:26 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-05-24 14:06 . 2014-05-24 14:07 313256 ----a-w- c:\windows\system32\javaws.exe 2014-05-24 14:06 . 2014-01-03 14:26 191400 ----a-w- c:\windows\system32\javaw.exe 2014-05-24 14:06 . 2014-01-03 14:26 190888 ----a-w- c:\windows\system32\java.exe 2014-05-23 15:24 . 2014-05-23 15:24 1192533 ----a-w- c:\windows\unins000.exe 2014-05-20 02:44 . 2014-06-02 11:39 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll 2014-05-20 02:44 . 2014-06-02 11:39 837056 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2014-05-20 02:44 . 2014-06-02 11:39 31387936 ----a-w- c:\windows\system32\nvoglv64.dll 2014-05-20 02:44 . 2014-06-02 11:39 11599072 ----a-w- c:\windows\system32\nvopencl.dll 2014-05-20 02:44 . 2014-06-02 11:39 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2014-05-20 02:44 . 2014-06-02 11:39 895776 ----a-w- c:\windows\system32\NvIFR64.dll 2014-05-20 02:44 . 2014-06-02 11:39 892704 ----a-w- c:\windows\system32\NvFBC64.dll 2014-05-20 02:44 . 2014-06-02 11:39 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll 2014-05-20 02:44 . 2014-06-02 11:39 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll 2014-05-20 02:44 . 2014-06-02 11:39 354016 ----a-w- c:\windows\system32\nvoglshim64.dll 2014-05-20 02:44 . 2014-06-02 11:39 3141976 ----a-w- c:\windows\system32\nvcuvid.dll 2014-05-20 02:44 . 2014-06-02 11:39 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll 2014-05-20 02:44 . 2014-06-02 11:39 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2014-05-20 02:44 . 2014-06-02 11:39 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll 2014-05-20 02:44 . 2014-06-02 11:39 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2014-05-20 02:44 . 2014-06-02 11:39 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2014-05-20 02:44 . 
2014-06-02 11:39 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll 2014-05-20 02:44 . 2014-06-02 11:39 166568 ----a-w- c:\windows\system32\nvinitx.dll 2014-05-20 02:44 . 2014-06-02 11:39 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll 2014-05-20 02:44 . 2014-06-02 11:39 146480 ----a-w- c:\windows\SysWow64\nvinit.dll 2014-05-20 02:44 . 2014-06-02 11:39 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2014-05-20 02:44 . 2014-06-02 11:39 11644928 ----a-w- c:\windows\system32\nvcuda.dll 2014-05-20 02:44 . 2014-06-02 11:39 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2014-05-20 02:44 . 2014-06-02 11:39 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2014-05-20 02:44 . 2014-03-10 23:49 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-05-20 02:44 . 2014-03-10 23:49 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll 2014-05-20 02:44 . 2013-02-25 22:32 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-05-20 02:44 . 2013-02-25 22:32 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-05-20 02:44 . 2013-02-25 22:32 3109248 ----a-w- c:\windows\system32\nvapi64.dll 2014-05-20 02:44 . 2013-02-25 22:32 952952 ----a-w- c:\windows\system32\nvumdshimx.dll 2014-05-20 02:44 . 2013-02-25 22:32 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-05-20 01:25 . 2012-06-01 15:27 6769096 ----a-w- c:\windows\system32\nvcpl.dll 2014-05-20 01:25 . 2012-06-01 15:27 3514144 ----a-w- c:\windows\system32\nvsvc64.dll 2014-05-20 01:25 . 2012-06-01 15:27 927520 ----a-w- c:\windows\system32\nvvsvc.exe 2014-05-20 01:25 . 2012-06-01 15:27 62808 ----a-w- c:\windows\system32\nvshext.dll 2014-05-20 01:25 . 2012-06-01 15:27 387528 ----a-w- c:\windows\system32\nvmctray.dll 2014-05-20 01:25 . 2012-06-01 15:27 2560968 ----a-w- c:\windows\system32\nvsvcr.dll 2014-05-19 23:10 . 2014-06-02 11:45 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-05-17 07:31 . 2014-05-17 07:31 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2014-05-17 07:31 . 
2014-05-17 07:31 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2014-05-17 07:31 . 2014-05-17 07:31 123480 ----a-w- c:\windows\system32\OpenAL32.dll 2014-05-17 07:31 . 2014-05-17 07:31 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2014-05-14 23:49 . 2012-06-01 15:27 3774821 ----a-w- c:\windows\system32\nvcoproc.bin 2014-04-28 09:54 . 2012-10-01 15:50 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\User\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920] "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-07-16 1753280] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224] "HP ENVY 4500 series (NET)"="c:\program files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" [2013-08-13 3421216] "Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-08 1178168] "BitTorrent"="c:\users\User\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-07-21 1909592] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-06-17 5179408] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "GamingMouse"="c:\program files (x86)\Drakonia Configurator\hid.exe" [2013-10-29 248832] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2014-07-21 1666432] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Erinnerungen für Microsoft Works-Kalender.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-8-6 53317] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] R3 npggsvc;nProtect GameGuard 
Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader 
Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 nldrv;nldrv;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D 
Vision\nvSCPAPISvr.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x] S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11 16:49] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-06-17 5179408] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "GamingMouse"="c:\program files (x86)\Drakonia Configurator\hid.exe" [2013-10-29 248832] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2014-07-21 1666432] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge: AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc msiscsi schedule SessionEnv winmgmt . Rebuilding ... You need to reboot your machine for this to take effect. . AppInfo AppMgmt browser EapHost hkmsvc IKEEXT MMCSS ProfSvc seclogon Themes wercplsupport BDESVC . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\ FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: !HIDDEN! 2013-03-14 15:51; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-{A227B892-C548-4490-9C5D-DB341F8194A6}_is1 - c:\program files (x86)\Euro Truck Simulator 2 Multiplayer\unins000.exe AddRemove-uTorrent - c:\users\User\AppData\Roaming\uTorrent\uTorrent.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:bb,b1,e8,b7,38,29,ce,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,c3,e4,ff,a4,4d,de,4a,aa,5a,32,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,c3,e4,ff,a4,4d,de,4a,aa,5a,32,\ . [HKEY_USERS\S-1-5-21-869631257-1735827054-2329503079-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:8e,15,d1,37,e3,87,ca,a4,9e,08,65,67,30,7c,d1,86,d5,a4,08,37,d1,29,c1, ca,07,cf,a3,1c,78,e9,e1,3d,96,e8,e9,7a,aa,ef,f3,7d,87,c7,f1,8e,89,fb,d3,32,\ "??"=hex:0a,8b,e8,61,b7,1e,a3,1c,0a,e6,4d,55,f7,93,29,56 . [HKEY_USERS\S-1-5-21-869631257-1735827054-2329503079-1000\Software\SecuROM\License information*] "datasecu"=hex:e1,b2,44,bc,b8,b0,8d,29,e0,75,63,3a,2c,31,0f,e5,ad,ba,30,cd,22, 80,18,19,9c,b5,16,42,1e,32,87,54,f2,f0,5e,14,1f,e1,53,1a,c9,cb,29,23,79,00,\ "rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe c:\program files (x86)\Drakonia Configurator\trayicon.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-07-23 11:22:32 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-07-23 09:22 . Vor Suchlauf: 13 Verzeichnis(se), 454.064.877.568 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 453.846.605.824 Bytes frei . - - End Of File - - FF4F00EDB09FC3A56167118107822D43 A36C5E4F47E84449FF07ED3517B43A31 |
24.07.2014, 09:28 | #6 |
/// the machine /// TB trainer | Mouse and keyboard no longer respond after fighting a Trojan. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
24.07.2014, 10:35 | #7 |
| Mouse and keyboard no longer respond after fighting a Trojan. Hello. mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24.07.2014
Suchlauf-Zeit: 11:00:16
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.24.01
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 322179
Verstrichene Zeit: 13 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.5, In Quarantäne, [0948a1026d0ee84eb5bae605e2205aa6],
PUP.Optional.PriceGong.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [074aefb4324956e0601c2ebc8c767888],

Registrierungswerte: 1
PUP.Optional.QuickStart.A, HKU\S-1-5-21-869631257-1735827054-2329503079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [92bfbde6b6c5f93dea69e2ec6f93a25e]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[c68b2380f98206303f593f71689cf40c]

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 24.07.2014 at 11:23:27.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-869631257-1735827054-2329503079-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1BBC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsPal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsPal_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1BBC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsPal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsPal_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\u30j68m3.default\minidumps [1128 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.07.2014 at 11:32:11.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v3.216 - Bericht erstellt am 24/07/2014 um 11:19:21
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - ALEX-PC
# Gestartet von : C:\Users\User\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [58113 octets] - [06/01/2014 14:23:08]
AdwCleaner[R1].txt - [11852 octets] - [03/05/2014 04:14:50]
AdwCleaner[R2].txt - [4411 octets] - [08/05/2014 16:48:23]
AdwCleaner[R3].txt - [2203 octets] - [22/07/2014 01:20:05]
AdwCleaner[R4].txt - [1401 octets] - [24/07/2014 11:18:01]
AdwCleaner[S0].txt - [54450 octets] - [06/01/2014 14:25:34]
AdwCleaner[S1].txt - [10037 octets] - [03/05/2014 04:15:22]
AdwCleaner[S2].txt - [4317 octets] - [08/05/2014 16:49:01]
AdwCleaner[S3].txt - [1572 octets] - [22/07/2014 01:22:39]
AdwCleaner[S4].txt - [1322 octets] - [24/07/2014 11:19:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1382 octets] ##########

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 Ran by User (administrator) on ALEX-PC on 24-07-2014 11:33:02 Running from C:\Users\User\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft® Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\wkcalrem.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Program Files (x86)\Tor\tor.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1666432 2014-07-22] (Simply Super Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1751744 2014-07-24] (Valve Corporation)
HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-08] (Spotify Ltd)
HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [BitTorrent] => C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe [1909592 2014-07-21] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8A0A56CEEEDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "autoconfig_url",
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\User\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\firefox@ghostery.com.xpi [2014-07-16]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\info@convert2mp3.net.xpi [2013-11-08]
FF Extension: Flagfox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-04-08]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-17]
FF Extension: Gutscheinaffe - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2013-11-08]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-08]
FF Extension: QuickJava - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-05-24]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-03-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-27] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93048 2014-02-25] (EasyAntiCheat Ltd)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [328832 2014-04-13] (Locktime Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4687672 2012-05-15] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-29] ()
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-22] () [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AsyncMac; C:\Windows\SysWOW64\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-12-28] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R1 cdrom; C:\Windows\SysWOW64\DRIVERS\cdrom.sys [147456 2010-11-21] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-30] (DT Soft Ltd)
S3 i8042prt; C:\Windows\SysWOW64\DRIVERS\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-12-28] ()
R0 NDIS; C:\Windows\SysWOW64\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
R3 Ndisuio; C:\Windows\SysWOW64\DRIVERS\ndisuio.sys [56832 2010-11-21] (Microsoft Corporation)
R3 NDProxy; C:\Windows\SysWow64\Drivers\NDProxy.sys [57856 2010-11-21] (Microsoft Corporation)
R1 NetBIOS; C:\Windows\SysWOW64\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation)
R1 NetBT; C:\Windows\SysWOW64\DRIVERS\netbt.sys [261632 2010-11-21] (Microsoft Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [107952 2014-04-13] (Locktime Software)
R1 Null; C:\Windows\SysWow64\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [163644 2013-12-31] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R1 Serial; C:\Windows\SysWOW64\DRIVERS\serial.sys [94208 2009-07-14] (Microsoft Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 Tcpip; C:\Windows\SysWOW64\drivers\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\SysWOW64\DRIVERS\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
R1 tdx; C:\Windows\SysWOW64\DRIVERS\tdx.sys [119296 2010-11-21] (Microsoft Corporation)
R3 usbehci; C:\Windows\SysWOW64\DRIVERS\usbehci.sys [52736 2013-09-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 xnacc; system32\DRIVERS\xnacc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVCx32: AppInfo -> C:\Windows\SysWOW64\appinfo.dll ==> No File.
NETSVCx32: browser -> C:\Windows\SysWOW64\browser.dll ==> No File.
NETSVCx32: EapHost -> C:\Windows\SysWOW64\eapsvc.dll ==> No File.
NETSVCx32: hkmsvc -> C:\Windows\SysWOW64\kmsvc.dll ==> No File.
NETSVCx32: IKEEXT -> C:\Windows\SysWOW64\ikeext.dll ==> No File.
NETSVCx32: MMCSS -> C:\Windows\SysWOW64\mmcss.dll ==> No File.
NETSVCx32: ProfSvc -> C:\Windows\SysWOW64\profsvc.dll ==> No File.
NETSVCx32: seclogon -> %windir%\SysWOW64\seclogon.dll ==> No File.
NETSVCx32: wercplsupport -> C:\Windows\SysWOW64\wercplsupport.dll ==> No File.
NETSVCx32: BDESVC -> C:\Windows\SysWOW64\bdesvc.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-24 11:33 - 2014-07-24 11:33 - 00024332 _____ () C:\Users\User\Desktop\FRST.txt
2014-07-24 11:32 - 2014-07-24 11:32 - 00001944 _____ () C:\Users\User\Desktop\JRT.txt
2014-07-24 11:32 - 2014-07-24 11:32 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2014-07-24 11:19 - 2014-07-24 11:19 - 00001462 _____ () C:\Users\User\Desktop\AdwCleaner[S4].txt
2014-07-24 11:18 - 2014-07-24 11:18 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-07-24 11:14 - 2014-07-24 11:14 - 00001902 _____ () C:\Users\User\Desktop\mbam.txt
2014-07-24 10:58 - 2014-07-24 10:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-24 10:58 - 2014-07-24 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 20:12 - 2014-07-23 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 11:22 - 2014-07-23 11:22 - 00055396 _____ () C:\ComboFix.txt
2014-07-23 11:12 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\tcpip.sys
2014-07-23 11:12 - 2010-11-21 05:24 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\tdx.sys
2014-07-23 11:12 - 2010-11-21 05:24 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ndproxy.sys
2014-07-23 11:12 - 2010-11-21 05:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\netbt.sys
2014-07-23 11:12 - 2010-11-21 05:23 - 00147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\cdrom.sys
2014-07-23 11:12 - 2009-07-14 02:10 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\asyncmac.sys
2014-07-23 11:12 - 2009-07-14 02:10 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ws2ifsl.sys
2014-07-23 11:12 - 2009-07-14 02:00 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\Serial.sys
2014-07-23 11:12 - 2009-07-14 01:19 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\i8042prt.sys
2014-07-23 11:12 - 2009-07-14 01:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\intelppm.sys
2014-07-23 11:11 - 2013-09-28 03:14 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\afd.sys
2014-07-23 11:11 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\usbehci.sys
2014-07-23 11:11 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ndis.sys
2014-07-23 11:11 - 2010-11-21 05:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ndisuio.sys
2014-07-23 11:11 - 2009-07-14 02:09 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\netbios.sys
2014-07-23 11:11 - 2009-07-14 01:19 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\null.sys
2014-07-23 10:58 - 2014-07-23 11:22 - 00000000 ____D () C:\Qoobox
2014-07-23 10:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-23 10:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-23 10:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-23 10:57 - 2014-07-23 11:20 - 00000000 ____D () C:\Windows\erdnt
2014-07-23 10:56 - 2014-07-23 10:56 - 05562024 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-07-22 21:40 - 2014-07-22 21:41 - 00000000 ____D () C:\Program Files\Recuva
2014-07-22 21:40 - 2014-07-22 21:40 - 00001658 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-07-22 21:40 - 2014-07-22 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-07-22 13:45 - 2014-07-24 11:33 - 00000000 ____D () C:\FRST
2014-07-22 13:45 - 2014-07-24 11:32 - 02093568 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-07-22 01:41 - 2014-07-24 11:20 - 00001196 _____ () C:\Windows\PFRO.log
2014-07-22 01:34 - 2014-07-22 01:34 - 00000000 ____D () C:\found.000
2014-07-22 01:19 - 2014-07-22 01:19 - 01354223 _____ () C:\Users\User\Desktop\adwcleaner_3.216.exe
2014-07-22 01:07 - 2014-07-22 01:07 - 00000000 ____D () C:\Windows\ERUNT
2014-07-22 00:58 - 2014-07-22 00:58 - 01319328 _____ (File Repair ) C:\Users\User\Downloads\file-repair-setup.exe
2014-07-22 00:58 - 2014-07-22 00:58 - 00001195 _____ () C:\Users\User\Desktop\File Repair.lnk
2014-07-22 00:58 - 2014-07-22 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Repair
2014-07-22 00:58 - 2014-07-22 00:58 - 00000000 ____D () C:\Program Files (x86)\Repair File
2014-07-22 00:57 - 2014-07-22 00:57 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-22 00:53 - 2014-07-22 00:54 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-07-22 00:53 - 2014-07-22 00:53 - 00001139 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\Users\User\Documents\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-07-22 00:52 - 2014-07-22 00:53 - 21407864 _____ (Simply Super Software ) C:\Users\User\Downloads\trjsetup690.exe
2014-07-21 23:27 - 2014-07-21 23:28 - 61513304 _____ (Ubisoft) C:\Users\User\Downloads\UplayInstaller.exe
2014-07-21 18:27 - 2014-07-21 18:28 - 00001572 _____ () C:\Users\Public\Desktop\Blitzkrieg Mod.lnk
2014-07-21 18:27 - 2014-07-21 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blitzkrieg Mod
2014-07-21 17:57 - 2014-07-21 18:00 - 00000000 ____D () C:\Users\User\Desktop\l
2014-07-21 13:14 - 2014-07-21 14:42 - 2068609615 _____ (Blitzkrieg Mod Team ) C:\Users\User\Desktop\Blitzkrieg_4.8.0.0_Complete.exe
2014-07-21 13:14 - 2014-07-21 13:16 - 50922509 _____ (Blitzkrieg Mod Team ) C:\Users\User\Desktop\Blitzkrieg_4.8.1.0_Patch.exe
2014-07-19 22:36 - 2014-07-19 22:36 - 00001873 _____ () C:\Users\User\Desktop\Defiance.lnk
2014-07-19 22:35 - 2014-07-19 22:36 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-07-19 22:35 - 2014-07-19 22:35 - 00000939 _____ () C:\Users\User\Desktop\Glyph.lnk
2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\Users\User\AppData\Local\Glyph
2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Glyph
2014-07-19 18:15 - 2014-07-19 18:15 - 00000382 _____ () C:\Windows\DirectX.log
2014-07-18 19:24 - 2014-07-18 19:31 - 00000000 ____D () C:\Users\User\AppData\Local\QQSM
2014-07-18 14:24 - 2014-07-18 14:24 - 00003124 _____ () C:\Windows\System32\Tasks\{4B9D0582-BDE0-4C1E-B2D8-9A6F6DA79C8B}
2014-07-18 11:14 - 2014-07-18 11:14 - 00000090 _____ () C:\Users\User\Desktop\..txt
2014-07-18 09:54 - 2014-07-18 09:54 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-18 09:29 - 2014-07-18 19:24 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-14 23:52 - 2014-07-15 00:06 - 00001416 _____ () C:\Users\User\Desktop\Oblivion Mod Manager.lnk
2014-07-14 23:52 - 2014-07-15 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2014-07-12 15:25 - 2014-07-12 15:25 - 00000000 ____D () C:\Program Files (x86)\Oblivion
2014-07-12 02:53 - 2014-07-12 02:53 - 00001133 _____ () C:\Users\User\Desktop\Cheat Engine 6.3 (64-bit).lnk
2014-07-09 22:05 - 2014-07-12 12:50 - 00000000 ____D () C:\Users\User\Desktop\Neuer Ordner
2014-07-09 22:04 - 2014-07-09 22:04 - 00000222 _____ () C:\Users\User\Desktop\Arma 3.url
2014-07-09 22:01 - 2014-07-09 22:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\globalip
2014-07-09 17:41 - 2014-07-09 17:41 - 00000000 ____D () C:\Users\User\AppData\Local\WSplitTimer
2014-07-08 12:27 - 2014-07-24 11:21 - 00005074 _____ () C:\Windows\setupact.log
2014-07-08 12:27 - 2014-07-08 12:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-03 15:56 - 2014-07-03 15:56 - 00000089 _____ () C:\Users\User\.atl.properties
2014-06-28 15:40 - 2014-07-18 14:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tropico 4
2014-06-28 15:38 - 2014-06-28 15:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kalypso Media
2014-06-26 22:45 - 2014-07-08 19:27 - 00000000 ____D () C:\Users\User\AppData\Local\Game Dev Tycoon - Steam
2014-06-26 09:25 - 2014-06-26 09:25 - 00000222 _____ () C:\Users\User\Desktop\resident evil 4 biohazard 4.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-24 11:33 - 2014-07-24 11:33 - 00024332 _____ () C:\Users\User\Desktop\FRST.txt
2014-07-24 11:33 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST
2014-07-24 11:32 - 2014-07-24 11:32 - 00001944 _____ () C:\Users\User\Desktop\JRT.txt
2014-07-24 11:32 - 2014-07-24 11:32 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2014-07-24 11:32 - 2014-07-22 13:45 - 02093568 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-07-24 11:32 - 2012-10-01 17:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-07-24 11:28 - 2009-07-14 06:45 - 00022688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 11:28 - 2009-07-14 06:45 - 00022688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 11:23 - 2014-01-06 14:23 - 00000000 ____D () C:\AdwCleaner
2014-07-24 11:23 - 2012-10-01 18:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-24 11:22 - 2013-01-23 03:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent
2014-07-24 11:22 - 2012-10-09 21:57 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2014-07-24 11:21 - 2014-07-08 12:27 - 00005074 _____ () C:\Windows\setupact.log
2014-07-24 11:21 - 2012-06-01 17:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-24 11:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 11:20 - 2014-07-22 01:41 - 00001196 _____ () C:\Windows\PFRO.log
2014-07-24 11:19 - 2014-07-24 11:19 - 00001462 _____ () C:\Users\User\Desktop\AdwCleaner[S4].txt
2014-07-24 11:19 - 2012-10-16 12:23 - 01344556 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 11:18 - 2014-07-24 11:18 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-07-24 11:14 - 2014-07-24 11:14 - 00001902 _____ () C:\Users\User\Desktop\mbam.txt
2014-07-24 10:58 - 2014-07-24 10:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-24 10:58 - 2014-07-24 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 10:57 - 2012-10-01 17:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-24 10:51 - 2012-10-01 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-24 03:09 - 2014-06-13 23:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2014-07-24 02:49 - 2012-06-01 17:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 00:33 - 2014-05-29 00:35 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-24 00:28 - 2013-01-29 20:51 - 00000000 ____D () C:\ProgramData\Origin
2014-07-24 00:23 - 2014-05-29 00:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-23 21:46 - 2012-10-08 19:29 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-07-23 20:12 - 2014-07-23 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 11:26 - 2014-06-13 23:41 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2014-07-23 11:22 - 2014-07-23 11:22 - 00055396 _____ () C:\ComboFix.txt
2014-07-23 11:22 - 2014-07-23 10:58 - 00000000 ____D () C:\Qoobox
2014-07-23 11:22 - 2014-06-04 17:06 - 00000000 ____D () C:\Users\Tamer
2014-07-23 11:22 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-23 11:20 - 2014-07-23 10:57 - 00000000 ____D () C:\Windows\erdnt
2014-07-23 11:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-23 10:56 - 2014-07-23 10:56 - 05562024 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-07-23 02:13 - 2012-10-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-07-23 02:10 - 2012-11-20 00:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2014-07-23 02:05 - 2013-01-04 21:19 - 00000000 ____D () C:\procexp
2014-07-22 21:41 - 2014-07-22 21:40 - 00000000 ____D () C:\Program Files\Recuva
2014-07-22 21:40 - 2014-07-22 21:40 - 00001658 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-07-22 21:40 - 2014-07-22 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-07-22 13:43 - 2013-11-12 17:58 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA Corporation
2014-07-22 13:36 - 2013-10-02 14:23 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-07-22 13:36 - 2012-11-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:36 - 2012-11-20 11:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 01:34 - 2014-07-22 01:34 - 00000000 ____D () C:\found.000
2014-07-22 01:21 - 2012-10-15 23:39 - 00000000 ____D () C:\Users\User\Desktop\Zeugs
2014-07-22 01:19 - 2014-07-22 01:19 - 01354223 _____ () C:\Users\User\Desktop\adwcleaner_3.216.exe
2014-07-22 01:07 - 2014-07-22 01:07 - 00000000 ____D () C:\Windows\ERUNT
2014-07-22 00:58 - 2014-07-22 00:58 - 01319328 _____ (File Repair ) C:\Users\User\Downloads\file-repair-setup.exe
2014-07-22 00:58 - 2014-07-22 00:58 - 00001195 _____ () C:\Users\User\Desktop\File Repair.lnk
2014-07-22 00:58 - 2014-07-22 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Repair
2014-07-22 00:58 - 2014-07-22 00:58 - 00000000 ____D () C:\Program Files (x86)\Repair File
2014-07-22 00:57 - 2014-07-22 00:57 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-22 00:54 - 2014-07-22 00:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-07-22 00:53 - 2014-07-22 00:53 - 00001139 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\Users\User\Documents\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-07-22 00:53 - 2014-07-22 00:52 - 21407864 _____ (Simply Super Software ) C:\Users\User\Downloads\trjsetup690.exe
2014-07-21 23:28 - 2014-07-21 23:27 - 61513304 _____ (Ubisoft) C:\Users\User\Downloads\UplayInstaller.exe
2014-07-21 21:55 - 2012-10-04 12:15 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-21 21:55 - 2012-10-04 12:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-21 18:28 - 2014-07-21 18:27 - 00001572 _____ () C:\Users\Public\Desktop\Blitzkrieg Mod.lnk
2014-07-21 18:28 - 2014-07-21 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blitzkrieg Mod
2014-07-21 18:00 - 2014-07-21 17:57 - 00000000 ____D () C:\Users\User\Desktop\l
2014-07-21 14:42 - 2014-07-21 13:14 - 2068609615 _____ (Blitzkrieg Mod Team ) C:\Users\User\Desktop\Blitzkrieg_4.8.0.0_Complete.exe
2014-07-21 13:16 - 2014-07-21 13:14 - 50922509 _____ (Blitzkrieg Mod Team ) C:\Users\User\Desktop\Blitzkrieg_4.8.1.0_Patch.exe
2014-07-21 12:00 - 2012-10-08 10:09 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-07-20 17:46 - 2012-11-05 13:38 - 00000000 ____D () C:\Users\User\AppData\Local\ArmA 2 OA
2014-07-19 22:36 - 2014-07-19 22:36 - 00001873 _____ () C:\Users\User\Desktop\Defiance.lnk
2014-07-19 22:36 - 2014-07-19 22:35 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-07-19 22:35 - 2014-07-19 22:35 - 00000939 _____ () C:\Users\User\Desktop\Glyph.lnk
2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\Users\User\AppData\Local\Glyph
2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Glyph
2014-07-19 18:15 - 2014-07-19 18:15 - 00000382 _____ () C:\Windows\DirectX.log
2014-07-19 17:25 - 2013-04-15 11:04 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-18 19:31 - 2014-07-18 19:24 - 00000000 ____D () C:\Users\User\AppData\Local\QQSM
2014-07-18 19:24 - 2014-07-18 09:29 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-18 14:24 - 2014-07-18 14:24 - 00003124 _____ () C:\Windows\System32\Tasks\{4B9D0582-BDE0-4C1E-B2D8-9A6F6DA79C8B}
2014-07-18 14:23 - 2014-06-28 15:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tropico 4
2014-07-18 11:22 - 2014-04-12 11:27 - 00000000 ____D () C:\Users\User\AppData\Local\Arma 3
2014-07-18 11:14 - 2014-07-18 11:14 - 00000090 _____ () C:\Users\User\Desktop\..txt
2014-07-18 09:54 - 2014-07-18 09:54 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 17:55 - 2013-10-02 17:17 - 00000023 _____ () C:\Windows\BlendSettings.ini
2014-07-15 00:06 - 2014-07-14 23:52 - 00001416 _____ () C:\Users\User\Desktop\Oblivion Mod Manager.lnk
2014-07-15 00:06 - 2014-07-14 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2014-07-12 15:25 - 2014-07-12 15:25 - 00000000 ____D () C:\Program Files (x86)\Oblivion
2014-07-12 12:52 - 2014-05-27 12:33 - 00000000 ____D () C:\Users\User\Desktop\sprengel1974@mail.ru - Почта Mail.Ru-Dateien
2014-07-12 12:50 - 2014-07-09 22:05 - 00000000 ____D () C:\Users\User\Desktop\Neuer Ordner
2014-07-12 02:53 - 2014-07-12 02:53 - 00001133 _____ () C:\Users\User\Desktop\Cheat Engine 6.3 (64-bit).lnk
2014-07-10 13:40 - 2012-11-12 22:51 - 00000000 ____D () C:\Users\User\Desktop\Musik
2014-07-09 22:04 - 2014-07-09 22:04 - 00000222 _____ () C:\Users\User\Desktop\Arma 3.url
2014-07-09 22:04 - 2012-10-03 00:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-09 22:01 - 2014-07-09 22:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\globalip
2014-07-09 18:49 - 2012-06-01 17:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 18:49 - 2012-06-01 17:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 18:49 - 2012-06-01 17:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 17:41 - 2014-07-09 17:41 - 00000000 ____D () C:\Users\User\AppData\Local\WSplitTimer
2014-07-08 19:27 - 2014-06-26 22:45 - 00000000 ____D () C:\Users\User\AppData\Local\Game Dev Tycoon - Steam
2014-07-08 12:27 - 2014-07-08 12:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-06 10:51 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-03 19:08 - 2012-10-02 23:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-03 17:40 - 2012-11-20 00:50 - 00000000 ____D () C:\Users\User\AppData\Local\TeamSpeak 3 Client
2014-07-03 15:56 - 2014-07-03 15:56 - 00000089 _____ () C:\Users\User\.atl.properties
2014-07-03 12:27 - 2014-04-02 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-03 12:27 - 2013-09-24 18:01 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-01 14:09 - 2012-10-01 18:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-28 15:38 - 2014-06-28 15:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kalypso Media
2014-06-26 09:25 - 2014-06-26 09:25 - 00000222 _____ () C:\Users\User\Desktop\resident evil 4 biohazard 4.url
2014-06-24 11:21 - 2013-02-13 22:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++
2014-06-24 11:20 - 2013-09-24 18:00 - 00000000 ____D () C:\ProgramData\AVG2014

Files to move or delete:
====================
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-20 07:07
==================== End Of Log ============================
Best regards, Alex |
24.07.2014, 19:18 | #8 |
/// the machine /// TB trainer | Mouse and keyboard no longer respond after fighting a trojan. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
24.07.2014, 21:48 | #9 |
| Mouse and keyboard no longer respond after fighting a trojan. So, hello for the last time, I think. So here is the log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=0a5197ad22c54945b60ea85b671c923d # engine=19334 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-07-24 08:29:16 # local_time=2014-07-24 10:29:16 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='AVG Internet Security 2014' # compatibility_mode=1049 16777213 100 100 41651 93367740 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 32735193 157863606 0 0 # scanned=407221 # found=62 # cleaned=56 # scan_time=7449 sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\ldrtbBit0.dll" sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\ldrtbBitt.dll" sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\tbBit0.dll" sh=41CDE566540E31CF556FFC948255F45D4A94EAF8 ft=1 fh=3fb8233a96c1e513 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\tbBit1.dll" sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\tbBitt.dll" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll" sh=C19F40AE0DBD4F3E33E504F0873CA7BBBDE8468A ft=0 fh=0000000000000000 vn="Win32/NationZoom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Backup\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\prefs_06_01_2014_13_25_59.js" sh=741518CA17409E0C108EA202464829E6C664ED1E ft=1 fh=52477f93f91d8732 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir" sh=5A88643D0909F37BDF12BAF483C6E12BB8494AF9 ft=1 fh=cb908218fc7f3239 vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\ExtensionUpdaterService.exe.vir" sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir" sh=30D457E18D2B8CAF0B8900A4D64146CB171B57E0 ft=1 fh=c5d4173284eff9c1 vn="Variante von Win32/DealPly.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir" sh=2D6B1EC0EFA47C992C32AD9CECFB0EC4543ACA0A ft=1 fh=7076499debea4e9c vn="Variante von Win32/DealPly.F evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateVer.exe.vir" sh=0F081DBA3288108E77AA7797D5EE28B077C43B88 ft=1 fh=827545bc3cf01bf5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe.vir" sh=0F081DBA3288108E77AA7797D5EE28B077C43B88 ft=1 fh=827545bc3cf01bf5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe.vir" sh=D1337408DE8FC6409BCB0F52A3F84F2863A94C40 ft=1 fh=b4f71a4e9c68bca5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir" sh=0F081DBA3288108E77AA7797D5EE28B077C43B88 ft=1 fh=827545bc3cf01bf5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe.vir" sh=E1124A98F09A6EBCE59FEA2E918FFE2DCB245146 ft=1 fh=c29d58234e843b86 vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir" sh=A658B92B519F7898937EE2AE8CF53A62F620C923 ft=1 fh=7f9bfa912e5e181c vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir" sh=6D00C85C60CAF98D39E5CD07AACE53C757A99C49 ft=1 fh=ed4a7cab0d6835d6 vn="Win32/DealPly.N evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir" sh=7489D541CA03F640A02B20A33A88C70691D689D5 ft=1 fh=5216003ac57facf4 vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir" sh=0652CF8AA5ACCADDDD31EE32521742F0CF6A62B0 ft=1 fh=6730b7aa2ee36939 vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir" sh=EA8ADA75B6A0DBE8157470D7CCE54ADCF33C3F3E ft=1 fh=b9212dfc755e05d1 vn="MSIL/WebCake.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movdap\WBDesktop.Updater.1.0.0.16.exe.vir" sh=375347DEFD101FBE244DCF0C0D89D89578A053B8 ft=1 fh=71558cf322c1751b vn="möglicherweise Variante von Win32/Adware.Yontoo.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movdap\WebCakeIEClient.dll.vir" sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir" sh=524ED1264811258D64BA2BE8B48005C6D1935713 ft=1 fh=19b60c262a337e59 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir" sh=72971E4B87542575A876B36FB87879B416F4EC88 ft=1 fh=eb8c71c588367618 vn="Variante von Win32/Thinknice.B evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir" sh=01C9B3D0E073B824021B29F1FD957A8643DF6931 ft=1 fh=9d9cb38b273b86fe vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir" sh=F34BB16FA7EEF85B106A7C3A3FDEEE95ECF18001 ft=1 fh=7bd5299d4d87abc5 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir" sh=FB15CD6ADCD9BDFBF68D5DF5EAEA02BF329F8D4F ft=1 fh=dfa2b1c2f56e7303 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir" sh=B733C40B96BCA6CC139230D0F7C4E51CEC12CF35 ft=1 fh=08ea3c71e6c55c1b vn="Win32/Thinknice.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir" sh=D6F9F256C03B81C01D6CFF28D2D966F59F786AC3 ft=1 fh=3a3e287aa52ff7e5 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir" sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir" sh=3A5E6E441E604C44C841775A532E752D14613618 ft=1 fh=63c184ce6dedf5b1 vn="Variante von Win32/InstallBrain.AO evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\IBUpdaterService\ibsvc.exe.vir" sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AD evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir" sh=9A189D6EAB28C6F9C20AEEFA3E7134916E38C65B ft=1 fh=c71c0011b919b825 vn="Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir" sh=6270B1B9CDFC8C8155EAA6CA89F74BCCFF16E4A1 ft=1 fh=1f1ae8bf1242efa2 vn="Win32/Toolbar.Conduit.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Conduit\CT2849855\BittorrentBar_DEAutoUpdateHelper.exe.vir" sh=E08EF6298DB507FC55E944040ECBE7B5AA5CAA6A ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111\contentscript.js.vir" sh=33E5392D35B724ECF66AA36489157C066FDDC8F6 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\background.js.vir" sh=E45C1D583BDD644F636D8DA387761796CE1D7038 ft=1 fh=fe33acdf835fbfaa vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir" sh=75773C452146645B80387025120B3AFC1BD7F608 ft=1 fh=f924702fd032a998 vn="Variante von Win32/Mobogenie.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir" sh=D9B3BA161D98EA1AD0E61015B2F11DB47A0A6875 ft=1 fh=8252b73ae811ba6a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir" sh=C7759E1F0D3AD2530280372D806703390469B07C ft=1 fh=930db3a9eb64adf6 vn="MSIL/WebCake.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Movdap\WebCakeDesktop.exe.vir" sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Movdap\dat\Desktop.OS.dll.vir" sh=B51F7B05DAD9343D1201AF7960C6DEC49334CB77 ft=1 fh=f450c507d0be30ef vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Movdap\dat\Dora.dat.vir" sh=22685DC94848550F07467C2E59705F3E8E3BA364 ft=1 fh=079f83b17c3f95a7 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Movdap\dat\Maintain.dat.vir" sh=DB99D7474B8745F7416CF34EE26C2FEFF210CF54 ft=1 fh=36dd4b78925ad11e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Movdap\dat\Paladin.dat.vir" sh=769968DFFD463E9F7A2D8C17FC5F119F2EC52A74 ft=1 fh=283505d57093469b vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Movdap\dat\Phoenix.dat.vir" sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\SupTab\SupTab.dll.vir" sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\found.000\dir0065.chk\hk64tbBit0.dll.vir" sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\found.000\dir0065.chk\hktbBit0.dll.vir" sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\found.000\dir0065.chk\ldrtbBit0.dll.vir" sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\found.000\dir0065.chk\ldrtbBitt.dll.vir" sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\found.000\dir0065.chk\tbBit0.dll.vir" sh=BEF49F698BB05F075CAD2314D1E6707CF5582727 ft=1 fh=a14839057f424abd vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\found.000\dir0065.chk\tbBit1.dll.vir" sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\found.000\dir0065.chk\tbBitt.dll.vir" sh=0370B6AD0DBA8328E67A307235F717A3A1B22FA5 ft=1 fh=ad0a89014f15914b vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\found.000\dir0065.chk\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll.vir" sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\ldrtbBit0.dll" sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\ldrtbBitt.dll" sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\tbBit0.dll" sh=41CDE566540E31CF556FFC948255F45D4A94EAF8 ft=1 fh=3fb8233a96c1e513 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\tbBit1.dll" sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\tbBitt.dll" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\BittorrentBar_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll" Code:
ATTFilter
 Results of screen317's Security Check version 0.99.85
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 AVG Internet Security 2014
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Trojan Remover 6.9.1.2931
 Java 7 Update 55
 Java version out of Date!
 Adobe Flash Player 14.0.0.145
 Adobe Reader XI
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 Ran by User (administrator) on ALEX-PC on 24-07-2014 22:44:36 Running from C:\Users\User\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft® Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\wkcalrem.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Program Files (x86)\Tor\tor.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Hewlett-Packard Co.) 
C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1666432 2014-07-22] (Simply Super Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.) HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1751744 2014-07-24] (Valve Corporation) HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.) HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-08] (Spotify Ltd) HKU\S-1-5-21-869631257-1735827054-2329503079-1000\...\Run: [BitTorrent] => C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe [1909592 2014-07-21] (BitTorrent Inc.) 
IFEO\taskmgr.exe: [Debugger] "C:\PROCEXP.EXE" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8A0A56CEEEDCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20(shExpMatch(host%2C%20'(*.turntable.fm%7Cturntable.fm)')%20%26%26%20url.indexOf('.css')%20%3D%3D%20-1%20%26%26%20url.indexOf('.js')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*'))%20%7B%20return%20'PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\User\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\firefox@ghostery.com.xpi [2014-07-16]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\info@convert2mp3.net.xpi [2013-11-08]
FF Extension: Flagfox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-04-08]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-17]
FF Extension: YouTube High Definition - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-24]
FF Extension: Gutscheinaffe - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2013-11-08]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-08]
FF Extension: QuickJava - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u30j68m3.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-05-24]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-03-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-27] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93048 2014-02-25] (EasyAntiCheat Ltd)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [328832 2014-04-13] (Locktime Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4687672 2012-05-15] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-29] ()
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-22] () [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AsyncMac; C:\Windows\SysWOW64\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-12-28] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R1 cdrom; C:\Windows\SysWOW64\DRIVERS\cdrom.sys [147456 2010-11-21] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-30] (DT Soft Ltd)
S3 i8042prt; C:\Windows\SysWOW64\DRIVERS\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-12-28] ()
R0 NDIS; C:\Windows\SysWOW64\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
R3 Ndisuio; C:\Windows\SysWOW64\DRIVERS\ndisuio.sys [56832 2010-11-21] (Microsoft Corporation)
R3 NDProxy; C:\Windows\SysWow64\Drivers\NDProxy.sys [57856 2010-11-21] (Microsoft Corporation)
R1 NetBIOS; C:\Windows\SysWOW64\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation)
R1 NetBT; C:\Windows\SysWOW64\DRIVERS\netbt.sys [261632 2010-11-21] (Microsoft Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [107952 2014-04-13] (Locktime Software)
R1 Null; C:\Windows\SysWow64\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [163644 2013-12-31] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R1 Serial; C:\Windows\SysWOW64\DRIVERS\serial.sys [94208 2009-07-14] (Microsoft Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 Tcpip; C:\Windows\SysWOW64\drivers\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\SysWOW64\DRIVERS\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
R1 tdx; C:\Windows\SysWOW64\DRIVERS\tdx.sys [119296 2010-11-21] (Microsoft Corporation)
R3 usbehci; C:\Windows\SysWOW64\DRIVERS\usbehci.sys [52736 2013-09-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 xnacc; system32\DRIVERS\xnacc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVCx32: AppInfo -> C:\Windows\SysWOW64\appinfo.dll ==> No File.
NETSVCx32: browser -> C:\Windows\SysWOW64\browser.dll ==> No File.
NETSVCx32: EapHost -> C:\Windows\SysWOW64\eapsvc.dll ==> No File.
NETSVCx32: hkmsvc -> C:\Windows\SysWOW64\kmsvc.dll ==> No File.
NETSVCx32: IKEEXT -> C:\Windows\SysWOW64\ikeext.dll ==> No File.
NETSVCx32: MMCSS -> C:\Windows\SysWOW64\mmcss.dll ==> No File.
NETSVCx32: ProfSvc -> C:\Windows\SysWOW64\profsvc.dll ==> No File.
NETSVCx32: seclogon -> %windir%\SysWOW64\seclogon.dll ==> No File.
NETSVCx32: wercplsupport -> C:\Windows\SysWOW64\wercplsupport.dll ==> No File.
NETSVCx32: BDESVC -> C:\Windows\SysWOW64\bdesvc.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 22:44 - 2014-07-24 22:44 - 00025490 _____ () C:\Users\User\Desktop\FRST.txt
2014-07-24 22:30 - 2014-07-24 22:31 - 00854390 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-07-24 21:55 - 2014-07-24 21:55 - 00001682 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
2014-07-24 21:55 - 2014-07-24 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-07-24 20:22 - 2014-07-24 20:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-24 20:21 - 2014-07-24 20:22 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe
2014-07-24 19:48 - 2014-07-24 19:48 - 00001336 _____ () C:\Users\Public\Desktop\DayZ Commander.lnk
2014-07-24 19:48 - 2014-07-24 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-07-24 19:37 - 2014-07-24 19:38 - 69999448 _____ (Microsoft Corporation) C:\Users\User\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2014-07-24 19:33 - 2014-07-24 19:34 - 50449456 _____ (Microsoft Corporation) C:\Users\User\Desktop\dotNetFx40_Full_x86_x64.exe
2014-07-24 19:26 - 2014-07-24 19:28 - 12074320 _____ (SIX Networks) C:\Users\User\Downloads\withSIX-Play.exe
2014-07-24 19:22 - 2014-07-24 19:22 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-07-24 19:20 - 2014-07-24 19:20 - 02945024 _____ () C:\Users\User\Downloads\Dotjosh.DayZCommander.Installer.msi
2014-07-24 15:10 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\procexp.exe
2014-07-24 15:10 - 2012-10-15 13:23 - 00072154 _____ () C:\procexp.chm
2014-07-24 15:10 - 2006-07-28 08:32 - 00007005 _____ () C:\Eula.txt
2014-07-24 15:06 - 2014-07-24 15:06 - 01243655 _____ () C:\Users\User\Downloads\ProcessExplorer.zip
2014-07-24 10:58 - 2014-07-24 10:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-24 10:58 - 2014-07-24 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 20:12 - 2014-07-23 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 11:12 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\tcpip.sys
2014-07-23 11:12 - 2010-11-21 05:24 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\tdx.sys
2014-07-23 11:12 - 2010-11-21 05:24 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ndproxy.sys
2014-07-23 11:12 - 2010-11-21 05:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\netbt.sys
2014-07-23 11:12 - 2010-11-21 05:23 - 00147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\cdrom.sys
2014-07-23 11:12 - 2009-07-14 02:10 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\asyncmac.sys
2014-07-23 11:12 - 2009-07-14 02:10 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ws2ifsl.sys
2014-07-23 11:12 - 2009-07-14 02:00 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\Serial.sys
2014-07-23 11:12 - 2009-07-14 01:19 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\i8042prt.sys
2014-07-23 11:12 - 2009-07-14 01:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\intelppm.sys
2014-07-23 11:11 - 2013-09-28 03:14 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\afd.sys
2014-07-23 11:11 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\usbehci.sys
2014-07-23 11:11 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ndis.sys
2014-07-23 11:11 - 2010-11-21 05:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ndisuio.sys
2014-07-23 11:11 - 2009-07-14 02:09 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\netbios.sys
2014-07-23 11:11 - 2009-07-14 01:19 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\null.sys
2014-07-23 10:58 - 2014-07-23 11:22 - 00000000 ____D () C:\Qoobox
2014-07-23 10:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-23 10:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-23 10:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-23 10:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-23 10:57 - 2014-07-23 11:20 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 13:45 - 2014-07-24 22:44 - 00000000 ____D () C:\FRST
2014-07-22 13:45 - 2014-07-24 11:32 - 02093568 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-07-22 01:41 - 2014-07-24 11:20 - 00001196 _____ () C:\Windows\PFRO.log
2014-07-22 01:34 - 2014-07-22 01:34 - 00000000 ____D () C:\found.000
2014-07-22 01:19 - 2014-07-22 01:19 - 01354223 _____ () C:\Users\User\Desktop\adwcleaner_3.216.exe
2014-07-22 01:07 - 2014-07-22 01:07 - 00000000 ____D () C:\Windows\ERUNT
2014-07-22 00:58 - 2014-07-22 00:58 - 01319328 _____ (File Repair ) C:\Users\User\Downloads\file-repair-setup.exe
2014-07-22 00:57 - 2014-07-22 00:57 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-22 00:53 - 2014-07-22 00:54 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-07-22 00:53 - 2014-07-22 00:53 - 00001139 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\Users\User\Documents\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-07-22 00:52 - 2014-07-22 00:53 - 21407864 _____ (Simply Super Software ) C:\Users\User\Downloads\trjsetup690.exe
2014-07-21 23:27 - 2014-07-21 23:28 - 61513304 _____ (Ubisoft) C:\Users\User\Downloads\UplayInstaller.exe
2014-07-21 18:27 - 2014-07-21 18:28 - 00001572 _____ () C:\Users\Public\Desktop\Blitzkrieg Mod.lnk
2014-07-21 18:27 - 2014-07-21 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blitzkrieg Mod
2014-07-21 17:57 - 2014-07-21 18:00 - 00000000 ____D () C:\Users\User\Desktop\l
2014-07-19 22:36 - 2014-07-19 22:36 - 00001873 _____ () C:\Users\User\Desktop\Defiance.lnk
2014-07-19 22:35 - 2014-07-19 22:36 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-07-19 22:35 - 2014-07-19 22:35 - 00000939 _____ () C:\Users\User\Desktop\Glyph.lnk
2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\Users\User\AppData\Local\Glyph
2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Glyph
2014-07-19 18:15 - 2014-07-24 17:44 - 00018817 _____ () C:\Windows\DirectX.log
2014-07-18 19:24 - 2014-07-18 19:31 - 00000000 ____D () C:\Users\User\AppData\Local\QQSM
2014-07-18 14:24 - 2014-07-18 14:24 - 00003124 _____ () C:\Windows\System32\Tasks\{4B9D0582-BDE0-4C1E-B2D8-9A6F6DA79C8B}
2014-07-18 11:14 - 2014-07-18 11:14 - 00000090 _____ () C:\Users\User\Desktop\..txt
2014-07-18 09:54 - 2014-07-18 09:54 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-18 09:29 - 2014-07-18 19:24 - 00000000 ____D () C:\ProgramData\Solid State Networks
2014-07-14 23:52 - 2014-07-15 00:06 - 00001416 _____ () C:\Users\User\Desktop\Oblivion Mod Manager.lnk
2014-07-14 23:52 - 2014-07-15 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2014-07-12 15:25 - 2014-07-12 15:25 - 00000000 ____D () C:\Program Files (x86)\Oblivion
2014-07-12 02:53 - 2014-07-12 02:53 - 00001133 _____ () C:\Users\User\Desktop\Cheat Engine 6.3 (64-bit).lnk
2014-07-09 22:05 - 2014-07-12 12:50 - 00000000 ____D () C:\Users\User\Desktop\Neuer Ordner
2014-07-09 22:04 - 2014-07-09 22:04 - 00000222 _____ () C:\Users\User\Desktop\Arma 3.url
2014-07-09 22:01 - 2014-07-09 22:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\globalip
2014-07-09 17:41 - 2014-07-09 17:41 - 00000000 ____D () C:\Users\User\AppData\Local\WSplitTimer
2014-07-08 12:27 - 2014-07-24 11:21 - 00005074 _____ () C:\Windows\setupact.log
2014-07-08 12:27 - 2014-07-08 12:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-03 15:56 - 2014-07-03 15:56 - 00000089 _____ () C:\Users\User\.atl.properties
2014-06-28 15:40 - 2014-07-18 14:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tropico 4
2014-06-28 15:38 - 2014-06-28 15:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kalypso Media
2014-06-26 22:45 - 2014-07-08 19:27 - 00000000 ____D () C:\Users\User\AppData\Local\Game Dev Tycoon - Steam
2014-06-26 09:25 - 2014-06-26 09:25 - 00000222 _____ () C:\Users\User\Desktop\resident evil 4 biohazard 4.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 22:45 - 2014-07-24 22:44 - 00025490 _____ () C:\Users\User\Desktop\FRST.txt
2014-07-24 22:44 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST
2014-07-24 22:39 - 2012-10-01 17:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-07-24 22:31 - 2014-07-24 22:30 - 00854390 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-07-24 22:14 - 2014-06-13 23:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2014-07-24 22:02 - 2012-10-01 17:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-24 21:55 - 2014-07-24 21:55 - 00001682 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
2014-07-24 21:55 - 2014-07-24 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-07-24 21:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-24 21:49 - 2012-06-01 17:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 20:22 - 2014-07-24 20:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-24 20:22 - 2014-07-24 20:21 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe
2014-07-24 19:48 - 2014-07-24 19:48 - 00001336 _____ () C:\Users\Public\Desktop\DayZ Commander.lnk
2014-07-24 19:48 - 2014-07-24 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-07-24 19:48 - 2012-11-05 13:42 - 00000000 ____D () C:\Users\User\AppData\Local\DayZCommander
2014-07-24 19:46 - 2012-10-16 12:23 - 01345022 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 19:41 - 2012-10-10 16:43 - 01625030 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-24 19:41 - 2010-11-21 08:50 - 00710502 _____ () C:\Windows\system32\perfh007.dat
2014-07-24 19:41 - 2010-11-21 08:50 - 00154832 _____ () C:\Windows\system32\perfc007.dat
2014-07-24 19:41 - 2009-07-14 07:13 - 01625030 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 19:38 - 2014-07-24 19:37 - 69999448 _____ (Microsoft Corporation) C:\Users\User\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2014-07-24 19:34 - 2014-07-24 19:33 - 50449456 _____ (Microsoft Corporation) C:\Users\User\Desktop\dotNetFx40_Full_x86_x64.exe
2014-07-24 19:33 - 2012-11-06 05:32 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2014-07-24 19:33 - 2012-10-08 19:29 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-07-24 19:28 - 2014-07-24 19:26 - 12074320 _____ (SIX Networks) C:\Users\User\Downloads\withSIX-Play.exe
2014-07-24 19:22 - 2014-07-24 19:22 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-07-24 19:20 - 2014-07-24 19:20 - 02945024 _____ () C:\Users\User\Downloads\Dotjosh.DayZCommander.Installer.msi
2014-07-24 19:11 - 2014-05-29 00:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-24 19:11 - 2013-01-29 20:51 - 00000000 ____D () C:\ProgramData\Origin
2014-07-24 18:41 - 2012-10-01 18:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-24 17:44 - 2014-07-19 18:15 - 00018817 _____ () C:\Windows\DirectX.log
2014-07-24 15:06 - 2014-07-24 15:06 - 01243655 _____ () C:\Users\User\Downloads\ProcessExplorer.zip
2014-07-24 11:37 - 2012-11-12 22:51 - 00000000 ____D () C:\Users\User\Desktop\Musik
2014-07-24 11:32 - 2014-07-22 13:45 - 02093568 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-07-24 11:28 - 2009-07-14 06:45 - 00022688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 11:28 - 2009-07-14 06:45 - 00022688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 11:23 - 2014-01-06 14:23 - 00000000 ____D () C:\AdwCleaner
2014-07-24 11:22 - 2013-01-23 03:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent
2014-07-24 11:22 - 2012-10-09 21:57 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2014-07-24 11:21 - 2014-07-08 12:27 - 00005074 _____ () C:\Windows\setupact.log
2014-07-24 11:21 - 2012-06-01 17:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-24 11:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 11:20 - 2014-07-22 01:41 - 00001196 _____ () C:\Windows\PFRO.log
2014-07-24 10:58 - 2014-07-24 10:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-24 10:58 - 2014-07-24 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 10:51 - 2012-10-01 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-24 00:33 - 2014-05-29 00:35 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-23 20:12 - 2014-07-23 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 11:26 - 2014-06-13 23:41 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2014-07-23 11:22 - 2014-07-23 10:58 - 00000000 ____D () C:\Qoobox
2014-07-23 11:22 - 2014-06-04 17:06 - 00000000 ____D () C:\Users\Tamer
2014-07-23 11:22 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-23 11:20 - 2014-07-23 10:57 - 00000000 ____D () C:\Windows\erdnt
2014-07-23 11:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-23 02:13 - 2012-10-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-07-23 02:10 - 2012-11-20 00:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2014-07-23 02:05 - 2013-01-04 21:19 - 00000000 ____D () C:\procexp
2014-07-22 13:43 - 2013-11-12 17:58 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA Corporation
2014-07-22 13:36 - 2013-10-02 14:23 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-07-22 13:36 - 2012-11-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:36 - 2012-11-20 11:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 01:34 - 2014-07-22 01:34 - 00000000 ____D () C:\found.000
2014-07-22 01:21 - 2012-10-15 23:39 - 00000000 ____D () C:\Users\User\Desktop\Zeugs
2014-07-22 01:19 - 2014-07-22 01:19 - 01354223 _____ () C:\Users\User\Desktop\adwcleaner_3.216.exe
2014-07-22 01:07 - 2014-07-22 01:07 - 00000000 ____D () C:\Windows\ERUNT
2014-07-22 00:58 - 2014-07-22 00:58 - 01319328 _____ (File Repair ) C:\Users\User\Downloads\file-repair-setup.exe
2014-07-22 00:57 - 2014-07-22 00:57 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-22 00:54 - 2014-07-22 00:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-07-22 00:53 - 2014-07-22 00:53 - 00001139 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\Users\User\Documents\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-07-22 00:53 - 2014-07-22 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-07-22 00:53 - 2014-07-22 00:52 - 21407864 _____ (Simply Super Software ) C:\Users\User\Downloads\trjsetup690.exe
2014-07-21 23:28 - 2014-07-21 23:27 - 61513304 _____ (Ubisoft) C:\Users\User\Downloads\UplayInstaller.exe
2014-07-21 21:55 - 2012-10-04 12:15 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-21 21:55 - 2012-10-04 12:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-21 18:28 - 2014-07-21 18:27 - 00001572 _____ () C:\Users\Public\Desktop\Blitzkrieg Mod.lnk
2014-07-21 18:28 - 2014-07-21 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blitzkrieg Mod
2014-07-21 18:00 - 2014-07-21 17:57 - 00000000 ____D () C:\Users\User\Desktop\l
2014-07-21 12:00 - 2012-10-08 10:09 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-07-20 17:46 - 2012-11-05 13:38 - 00000000 ____D () C:\Users\User\AppData\Local\ArmA 2 OA
2014-07-19 22:36 - 2014-07-19 22:36 - 00001873 _____ () C:\Users\User\Desktop\Defiance.lnk
2014-07-19 22:36 - 2014-07-19 22:35 - 00000000 ____D () C:\Program Files (x86)\Glyph 2014-07-19 22:35 - 2014-07-19 22:35 - 00000939 _____ () C:\Users\User\Desktop\Glyph.lnk 2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\Users\User\AppData\Local\Glyph 2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2014-07-19 22:35 - 2014-07-19 22:35 - 00000000 ____D () C:\ProgramData\Glyph 2014-07-19 17:25 - 2013-04-15 11:04 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-18 19:31 - 2014-07-18 19:24 - 00000000 ____D () C:\Users\User\AppData\Local\QQSM 2014-07-18 19:24 - 2014-07-18 09:29 - 00000000 ____D () C:\ProgramData\Solid State Networks 2014-07-18 14:24 - 2014-07-18 14:24 - 00003124 _____ () C:\Windows\System32\Tasks\{4B9D0582-BDE0-4C1E-B2D8-9A6F6DA79C8B} 2014-07-18 14:23 - 2014-06-28 15:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tropico 4 2014-07-18 11:22 - 2014-04-12 11:27 - 00000000 ____D () C:\Users\User\AppData\Local\Arma 3 2014-07-18 11:14 - 2014-07-18 11:14 - 00000090 _____ () C:\Users\User\Desktop\..txt 2014-07-18 09:54 - 2014-07-18 09:54 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-15 17:55 - 2013-10-02 17:17 - 00000023 _____ () C:\Windows\BlendSettings.ini 2014-07-15 00:06 - 2014-07-14 23:52 - 00001416 _____ () C:\Users\User\Desktop\Oblivion Mod Manager.lnk 2014-07-15 00:06 - 2014-07-14 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager 2014-07-12 15:25 - 2014-07-12 15:25 - 00000000 ____D () C:\Program Files (x86)\Oblivion 2014-07-12 12:52 - 2014-05-27 12:33 - 00000000 ____D () C:\Users\User\Desktop\sprengel1974@mail.ru - Почта Mail.Ru-Dateien 2014-07-12 12:50 - 2014-07-09 22:05 - 00000000 ____D () C:\Users\User\Desktop\Neuer Ordner 2014-07-12 02:53 - 2014-07-12 02:53 - 00001133 _____ () C:\Users\User\Desktop\Cheat Engine 6.3 (64-bit).lnk 2014-07-09 22:04 - 2014-07-09 22:04 - 00000222 _____ () 
C:\Users\User\Desktop\Arma 3.url 2014-07-09 22:04 - 2012-10-03 00:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-07-09 22:01 - 2014-07-09 22:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\globalip 2014-07-09 18:49 - 2012-06-01 17:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 18:49 - 2012-06-01 17:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 18:49 - 2012-06-01 17:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 17:41 - 2014-07-09 17:41 - 00000000 ____D () C:\Users\User\AppData\Local\WSplitTimer 2014-07-08 19:27 - 2014-06-26 22:45 - 00000000 ____D () C:\Users\User\AppData\Local\Game Dev Tycoon - Steam 2014-07-08 12:27 - 2014-07-08 12:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-06 10:51 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-03 19:08 - 2012-10-02 23:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-07-03 17:40 - 2012-11-20 00:50 - 00000000 ____D () C:\Users\User\AppData\Local\TeamSpeak 3 Client 2014-07-03 15:56 - 2014-07-03 15:56 - 00000089 _____ () C:\Users\User\.atl.properties 2014-07-03 12:27 - 2014-04-02 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-07-03 12:27 - 2013-09-24 18:01 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-07-01 14:09 - 2012-10-01 18:47 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-06-28 15:38 - 2014-06-28 15:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kalypso Media 2014-06-26 09:25 - 2014-06-26 09:25 - 00000222 _____ () C:\Users\User\Desktop\resident evil 4 biohazard 4.url 2014-06-24 11:21 - 2013-02-13 22:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++ 2014-06-24 11:20 - 2013-09-24 18:00 - 00000000 ____D () C:\ProgramData\AVG2014 Files to move or 
delete:
====================
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\awesomium_setup.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-20 07:07
==================== End Of Log ============================

That would be everything.
Best regards, Alex |
25.07.2014, 17:37 | #10 |
/// the machine /// TB trainer | Mouse and keyboard no longer respond after trojan removal.
Update Java.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-22] () [File not signed]
C:\Program Files (x86)\Tor

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX controls. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
25.07.2014, 18:04 | #11 |
| Mouse and keyboard no longer respond after trojan removal.
So, this time really for the last time: hello. Here is the Fixlog.txt.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014 01
Ran by User at 2014-07-25 19:01:38 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-22] () [File not signed]
C:\Program Files (x86)\Tor
*****************

tor => Service not found.
"C:\Program Files (x86)\Tor" => File/Directory not found.

==== End of Fixlog ====

So then I will say many THANKS for this great help.
Best regards, Alex |
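An added example, not written by either participant in the thread: a small Python parser that pairs each fixlist directive echoed in the Fixlog above with its result line, which makes it visible that both targets were already absent and the fix changed nothing. The regular expression for the service line is an assumption inferred from the single service entry in this thread, not FRST's own format specification.

```python
import re

# Excerpt of the Fixlog posted above, line breaks restored.
FIXLOG = r'''Content of fixlist:
*****************
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-22] () [File not signed]
C:\Program Files (x86)\Tor
*****************
tor => Service not found.
"C:\Program Files (x86)\Tor" => File/Directory not found.
==== End of Fixlog ====
'''

# Assumed layout, inferred from the one service line in this thread:
# <state letter><start digit> <name>; <image path> [<size> <date>] (<company>) [<flag>]
SERVICE_RE = re.compile(
    r'^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) '
    r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)'
    r'(?: \[(?P<flag>[^\]]+)\])?$')
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+)$')


def parse_fixlog(text):
    """Return (directives echoed from the fixlist, {target: outcome})."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {'*'}]
    if len(stars) < 2:
        raise ValueError('fixlist delimiters not found')
    directives = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = {}
    for ln in lines[stars[1] + 1:]:
        m = RESULT_RE.match(ln)
        if m:
            results[m['target']] = m['outcome']
    return directives, results


def review(text):
    """One (target, kind, outcome, changed) tuple per fixlist directive."""
    directives, results = parse_fixlog(text)
    report = []
    for d in directives:
        svc = SERVICE_RE.match(d)
        target, kind = (svc['name'], 'service') if svc else (d, 'path')
        outcome = results.get(target)
        # "not found" means the target was already absent: nothing was removed.
        changed = outcome is not None and 'not found' not in outcome.lower()
        report.append((target, kind, outcome or 'no result line', changed))
    return report
```

Calling `review(FIXLOG)` returns one row per directive; a `changed` value of `False` on every row is a cue to confirm by other means that the service and folder are really gone rather than assuming the fix removed them.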
26.07.2014, 08:09 | #12 |
/// the machine /// TB trainer | Mouse and keyboard no longer respond after trojan removal.
You're welcome