Pests of all kinds and how to combat them: SpeedChecker found - deleted, but keeps coming back
Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
11.09.2014, 13:09 | #1 |
SpeedChecker found - deleted, but keeps coming back
Hello Trojaner-Board team, my antivirus program (F-Secure) found a lot of unwanted programs during yesterday's scan. Unfortunately I found no way to create the logs as .txt files, so I also scanned with MBAM and will attach those logs below. The problem is that both F-Secure and MBAM deleted the malware, but after every restart they find unwanted files / registry keys again. Following the instructions here in the forum, I have now created the following logs:
defogger_disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:24 on 11/09/2014 (Verwaltung)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2014 01
Ran by Seregahl at 2014-09-11 13:46:55
Running from C:\Users\Seregahl\Dateien und Dokumente\Daten Seregahl\Sicherheit
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.21beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AION Free-to-Play Version 1.0 (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: 1.0 - Gameforge)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games)
Computer Security 14.99.103.0 (release) (x32 Version: 14.99.103.0 - F-Secure Corporation) Hidden
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Dark Messiah (HKLM-x32\...\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}) (Version: 1.0 - Ubisoft)
Dawn of War - Dark Crusade (HKLM-x32\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
DawnOfWar (HKLM-x32\...\InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}) (Version: 1.00.00000 - THQ)
DawnOfWar (x32 Version: 1.00.00000 - THQ) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Diablo (HKLM-x32\...\Diablo) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
EMC 10 Content (x32 Version: 1.0.035 - Ihr Firmenname) Hidden
EMCGadgets64 (Version: 1.0.302 - Ihr Firmenname) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 1.99.192.0 - F-Secure Corporation)
F-Secure (x32 Version: 1.99.192.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden
F-Secure CCF Scanning 1.43.102.193 (release) (x32 Version: 1.43.102.193 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.134 (x32 Version: 1.02.134 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden
Gameforge Live 1.10.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.0 - Gameforge)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - )
Gothic II (HKLM-x32\...\Gothic II) (Version: - )
Gothic III - Forsaken Gods (HKLM-x32\...\{D1FD3035-DD6F-4A17-BC30-784E97EFBC68}) (Version: 1.0.0 - JoWooD)
GUILD WARS (HKLM-x32\...\Guild Wars) (Version: - )
Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version: - Klett)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Oblivion - Construction Set (HKLM-x32\...\{23D683DD-93C6-48E6-B84E-78B57778F126}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Horse Armor Pack (HKLM-x32\...\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Mehrunes Razor (HKLM-x32\...\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Orrery (HKLM-x32\...\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Spell Tomes (HKLM-x32\...\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Online Safety 2.99.2293.1524 (x32 Version: 2.99.2293.1524 - F-Secure Corporation) Hidden
Prince of Persia Warrior Within (HKLM-x32\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - )
Python 2.5 numpy-1.0.3 (HKLM-x32\...\numpy-py2.5) (Version: - )
Python 2.5 numpy-1.0.3 (HKLM-x32\...\Python 2.5 numpy-1.0.3) (Version: - )
Python 2.5.1 (HKLM-x32\...\Python 2.5.1) (Version: - )
Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.00 - Razer USA Ltd.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.12.8 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6299 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.0 - Roxio) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Easy CD and DVD Burning (x32 Version: 10.3.106 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - Croteam)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Basic for Applications (R) Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version: - )
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)
X3: Reunion v2.0.02 (HKLM-x32\...\X3-Reunion2.0.02DE_is1) (Version: - EGOSOFT)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Verwaltung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DeathAdder => C:\Drivers\Razer DeathAdder\razerhid.exe
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Faulty Device Manager Devices =============

Name: F:\
Description: SD/MMC
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: H:\
Description: SM/xD-Picture
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: I:\
Description: MS/MS-Pro
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2014 00:43:30 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2014-09-11 12:43:30+02:00 ZUHAUSE-Seregahl ZUHAUSE-Seregahl\Seregahl F-Secure Anti-Virus Malicious code found in file C:\WINDOWS\SCORE.EXE. Infection: Trojan.Agent.BFFT

Error: (09/11/2014 00:35:07 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/11/2014 00:33:50 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/10/2014 05:15:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/10/2014 02:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.0.5350, Zeitstempel: 0x53fc3d9f Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.0.5350, Zeitstempel: 0x53fc0a56 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1ab4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3

Error: (09/10/2014 02:06:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 32.0.0.5350 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 19e8 Startzeit: 01cfccef5eaff439 Endzeit: 72 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: d764120f-38e2-11e4-b637-b8ac6f9b810f

Error: (09/10/2014 01:59:43 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/10/2014 01:50:21 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/10/2014 01:26:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Msiexec.exe, Version 5.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 137c Startzeit: 01cfcce9f6259471 Endzeit: 16 Anwendungspfad: C:\Windows\SysWOW64\Msiexec.exe Berichts-ID: 5a0ba97e-38dd-11e4-94c4-b8ac6f9b810f

Error: (09/10/2014 01:04:21 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 6 2014-09-10 13:04:21+02:00 ZUHAUSE-Seregahl SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\program files (x86)\reason\should i remove it\shouldiremoveit.exe File hash: 8ef4b85277a84dd5ace789afc6333e477c5d9ba0

System errors:
=============
Error: (09/11/2014 01:02:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/11/2014 01:02:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/11/2014 01:01:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv06 prohlp02 prosync1 RxFilter sfhlp01

Error: (09/11/2014 01:01:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (09/11/2014 01:01:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (09/11/2014 00:44:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "scores" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/11/2014 11:34:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/11/2014 11:33:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/11/2014 11:33:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv06 prohlp02 prosync1 RxFilter sfhlp01

Error: (09/11/2014 11:33:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (02/17/2014 11:31:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6404 seconds with 4680 seconds of active time. This session ended with a crash.

Error: (01/05/2011 00:53:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2112 seconds with 1980 seconds of active time. This session ended with a crash.

==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 6103.08 MB Available physical RAM: 4113.89 MB Total Pagefile: 12204.34 MB Available Pagefile: 9835.39 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1789.5 GB) (Free:1424.94 GB) NTFS Drive d: (DATAPART1) (Fixed) (Total:63.02 GB) (Free:32.43 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ |
11.09.2014, 13:11 | #2 |
/// TB-Ausbilder | SpeedChecker found - deleted, but keeps coming back Hello Seregahl
__________________My name is Timo and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Reformatting is always the safest route. We all "work" here voluntarily and in our free time *cough*. Replies may therefore be delayed. If you do not receive a reply from me within 48 hours, send me a PM. If you decide on a cleanup, keep working with us until I or someone from the team says that you are clean. Please do another FRST run to see whether frst.txt still stays empty. Make sure that FRST is started "as administrator".
__________________ |
11.09.2014, 13:12 | #3 |
| SpeedChecker found - deleted, but keeps coming back MBAM from 10.9.2014
__________________Code:
ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.09.2014
Suchlauf-Zeit: 11:10:50
Logdatei: MBAM (10.9.).txt
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.09.10.03
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Seregahl

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 293155
Verstrichene Zeit: 7 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.AdLyrics, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AD754AD8-63DC-B8C9-9661-146760DBD7A8, Löschen bei Neustart, [8e6dcc1fd7a449edff5ab59eda262cd4],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 5
PUP.Optional.AdLyrics, C:\Program Files (x86)\ver0SpeedChecker\O0SpeedCheckerq40.exe, Löschen bei Neustart, [a259c6254a314aec8acf361d55abc040],
PUP.Optional.AdLyrics, C:\Program Files (x86)\ver0SpeedChecker\Uninstall.exe, Löschen bei Neustart, [8e6dcc1fd7a449edff5ab59eda262cd4],
PUP.Optional.DomaIQ, C:\Users\Seregahl\Downloads\mcpatcher_4.exe, In Quarantäne, [b447edfed0ab181ec10d67ec9b657987],
PUP.Optional.SpeedChecker, c:\Windows\System32\Tasks\speedchecker update, Löschen bei Neustart, [54a793587209ee4814e272851ee40000],
PUP.Optional.SpeedChecker, C:\Windows\Tasks\SpeedChecker Update.job, Löschen bei Neustart, [57a437b4e299b5819c5b07f057abb54b],

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.09.2014
Suchlauf-Zeit: 12:53:18
Logdatei: MBAM (11.9).txt
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.09.11.02
Rootkit Datenbank: v2014.09.10.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Seregahl

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 287777
Verstrichene Zeit: 6 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.SpeedChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SpeedChecker, Löschen bei Neustart, [a2bc787477043402afd56c8ddb27d927],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.SpeedChecker.A, C:\Windows\Tasks\SpeedChecker_wd.job, Löschen bei Neustart, [afaf21cb007b1d1983038c6d3ac88977],
PUP.Optional.SpeedChecker.A, c:\Windows\System32\Tasks\speedchecker_wd, Löschen bei Neustart, [e57927c5007b1d19404744b5cb37748c],

Physische Sektoren: 0
(No malicious items detected)

(end)
Regards! Seregahl PS: unfortunately the Gmer log is too large for one post... should I add it as an attachment? |
11.09.2014, 13:15 | #4 |
/// TB-Ausbilder | SpeedChecker found - deleted, but keeps coming back Better to split it up
__________________ Learn to fight back and support us! TB Akademie | Donate | Praise & Criticism |
11.09.2014, 13:18 | #5 |
| SpeedChecker found - deleted, but keeps coming back Here is the FRST log once more, this time with content... FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Seregahl (ATTENTION: The logged in user is not administrator) on ZUHAUSE-Seregahl on 11-09-2014 14:16:11 Running from C:\Users\Seregahl\Dateien und Dokumente\Daten Seregahl\Sicherheit Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSLAUNCHER0.EXE ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2013-11-26] (F-Secure Corporation) HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation) HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-05] (Dell) HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2 HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\ZuHause\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> 
C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3259225011-1369774613-1014735326-1000\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:14405;https=127.0.0.1:14405 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.search-results.com?o=102348&tb=STC-SRS URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File SearchScopes: HKCU - DefaultScope {42099815-8CDF-4CC7-85FA-BB3B8C716087} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKCU - {2581103E-E97F-46AE-AF54-8E32BE4F521A} URL = SearchScopes: HKCU - {42099815-8CDF-4CC7-85FA-BB3B8C716087} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKCU - {60E90E77-8FB9-452C-B786-E4DF54A13A5C} URL = SearchScopes: HKCU - {C1CF62F3-0B21-4202-BB4F-82FABD03F27C} URL = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=kw&q={searchTerms}&locale=&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=C130DE12-F40B-40AB-B1E7-E037A0849EAC&apn_sauid=7F73FC48-833A-4273-B20D-3D7B743FD953& BHO: SpeedChecker -> 
{10C9DCE3-BD9B-A120-FEC6-BB46DD12DBE3} -> C:\Program Files (x86)\ver0SpeedChecker\178_x64.dll No File BHO: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: SpeedChecker -> {10C9DCE3-BD9B-A120-FEC6-BB46DD12DBE3} -> C:\Program Files (x86)\ver0SpeedChecker\178.dll No File BHO-x32: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Seregahl\AppData\Roaming\Mozilla\Firefox\Profiles\xerf9fr9.default-1410350834528 FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft 
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Ghostery - C:\Users\Seregahl\AppData\Roaming\Mozilla\Firefox\Profiles\xerf9fr9.default-1410350834528\Extensions\firefox@ghostery.com.xpi [2014-09-10] FF Extension: NoScript - C:\Users\Seregahl\AppData\Roaming\Mozilla\Firefox\Profiles\xerf9fr9.default-1410350834528\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-10] FF Extension: Adblock Plus - C:\Users\Seregahl\AppData\Roaming\Mozilla\Firefox\Profiles\xerf9fr9.default-1410350834528\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-10] FF HKLM-x32\...\Firefox\Extensions: [{5672192b-80c9-4697-b84e-72e738d61435}] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https FF Extension: Online Safety - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https [2013-10-02] FF HKCU\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\Seregahl\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn FF Extension: F-Secure Search - C:\Users\Seregahl\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-02-11] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_chrome_https\fs_chrome_https.crx [2014-05-23] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed] R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation) R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2013-11-26] (F-Secure Corporation) R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-10] (F-Secure Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] S4 SpeedChecker; C:\Program Files (x86)\ver0SpeedChecker\G9SpeedCheckerkX178.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [553472 2008-09-25] (Atheros Communications, Inc.) S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.) 
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-06-09] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-10-02] () R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [86056 2014-06-19] (F-Secure Corporation) R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-10] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2011-05-31] () S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [111808 2004-05-13] (Protection Technology) [File not signed] S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed] S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions) R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33464 2013-07-10] (Razer Inc) R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30904 2013-07-10] (Razer Inc) S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 DNINDIS4; \??\C:\Windows\system32\DNINDIS4.SYS [X] S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X] U2 WZCSVC; No ImagePath U3 kwdiqpoc; \??\C:\Users\VERWAL~1\AppData\Local\Temp\kwdiqpoc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 13:46 - 2014-09-11 14:16 - 00000000 ____D () C:\FRST 2014-09-11 13:41 - 2014-09-11 13:52 - 00001509 _____ () C:\Users\Seregahl\Desktop\MBAM (11.9).txt 2014-09-11 13:40 - 2014-09-11 13:51 - 00001965 _____ () C:\Users\Seregahl\Desktop\MBAM (10.9.).txt 2014-09-11 13:35 - 2014-09-11 13:51 - 00129787 _____ () C:\Users\Seregahl\Desktop\Gmer.log 2014-09-11 13:27 - 2014-09-11 13:27 - 00380416 _____ () C:\Users\Seregahl\Downloads\Gmer-19357.exe 2014-09-11 13:26 - 2014-09-11 13:50 - 00032341 _____ () C:\Users\Seregahl\Desktop\Addition.txt 2014-09-11 13:26 - 2014-09-11 13:47 - 00000062 _____ () C:\Users\Seregahl\Desktop\FRST.txt 2014-09-11 13:25 - 2014-09-11 13:25 - 02105856 _____ (Farbar) C:\Users\Seregahl\Downloads\FRST64.exe 2014-09-11 13:24 - 2014-09-11 13:24 - 00000482 _____ () C:\Users\Seregahl\Desktop\defogger_disable.log 2014-09-11 13:23 - 2014-09-11 13:23 - 00050477 _____ () C:\Users\Seregahl\Downloads\Defogger.exe 2014-09-10 21:33 - 2014-09-10 21:34 - 58302297 _____ () C:\Users\Seregahl\Downloads\Charybdis MidAge 1.8 (1.1).zip 2014-09-10 19:46 - 2014-09-10 19:46 - 00022566 _____ () C:\Users\Seregahl\AppData\Local\recently-used.xbel 2014-09-10 13:35 - 2014-09-10 13:35 - 00000000 ____D () C:\MATS 2014-09-10 13:30 - 2014-09-10 13:30 - 00003114 _____ () C:\Windows\System32\Tasks\{488B2502-F9F5-4AC6-B263-1F611EB51B5F} 2014-09-10 13:02 - 2014-09-10 13:22 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-09-10 12:26 - 2014-09-10 12:26 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-10 12:26 - 2014-09-10 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-10 10:59 - 2014-09-10 10:59 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-10 10:57 - 2014-09-11 13:01 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-09-10 10:30 - 2014-09-10 10:30 - 
02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03(1).exe 2014-09-10 10:27 - 2014-09-10 10:27 - 01101648 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.0-beta4 - CHIP-Installer.exe 2014-09-10 10:24 - 2014-09-10 10:24 - 74496991 _____ () C:\Users\Seregahl\Downloads\Conquest_.zip 2014-09-09 23:00 - 2014-09-09 23:00 - 00000000 ____D () C:\ProgramData\Riot Games 2014-09-04 13:50 - 2014-09-04 13:50 - 00000000 ____D () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18 2014-09-04 13:45 - 2014-09-04 13:45 - 105139071 _____ () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18.zip 2014-09-04 12:03 - 2014-09-04 12:03 - 02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03.exe 2014-08-28 10:33 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 10:33 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 10:33 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 21:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 21:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-13 21:52 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 21:52 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 21:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 21:52 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 21:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-13 21:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-13 17:04 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-13 17:04 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-13 17:03 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-13 17:03 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-13 17:03 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 17:03 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 17:03 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-13 17:03 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-13 17:03 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-13 17:03 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-13 17:03 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-13 17:03 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 17:03 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-13 17:03 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-13 17:03 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-13 17:03 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-13 17:03 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-13 17:03 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-13 17:03 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2014-08-13 17:03 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-13 17:03 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-13 17:03 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 17:03 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-13 17:03 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-13 17:03 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-13 17:03 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-13 17:03 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-13 17:03 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-13 17:03 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-13 17:03 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-13 17:03 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-13 17:03 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-13 17:03 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-13 17:03 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 17:03 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-13 17:03 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-13 17:03 - 2014-07-25 14:06 - 04204032 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-13 17:03 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-13 17:03 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 17:03 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-13 17:03 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-13 17:03 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-13 17:03 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-13 17:03 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-13 17:03 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-13 17:03 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 17:03 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-13 17:03 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-13 17:03 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-13 17:03 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-13 17:03 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 17:03 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 17:03 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-13 17:03 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-13 17:03 - 2014-07-25 12:05 - 01792512 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-13 17:03 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-13 17:02 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 17:02 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-13 17:02 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-13 17:02 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-13 17:01 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 17:01 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-13 17:01 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-13 17:01 - 2014-06-25 03:41 - 
12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-13 17:01 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 17:01 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 17:01 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 17:01 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 17:01 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 17:01 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-13 17:01 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-13 17:01 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-13 17:00 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-13 17:00 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-11 14:16 - 2014-09-11 13:46 - 00000000 ____D () C:\FRST 2014-09-11 13:52 - 2014-09-11 13:41 - 00001509 _____ () C:\Users\Seregahl\Desktop\MBAM (11.9).txt 2014-09-11 13:51 - 2014-09-11 13:40 - 00001965 _____ () C:\Users\Seregahl\Desktop\MBAM (10.9.).txt 2014-09-11 13:51 - 2014-09-11 13:35 - 00129787 _____ () C:\Users\Seregahl\Desktop\Gmer.log 2014-09-11 13:50 - 2014-09-11 13:26 - 00032341 _____ () C:\Users\Seregahl\Desktop\Addition.txt 2014-09-11 13:47 - 2014-09-11 13:26 - 00000062 _____ () C:\Users\Seregahl\Desktop\FRST.txt 2014-09-11 13:45 - 2009-07-14 07:10 - 02041380 _____ () C:\Windows\WindowsUpdate.log 2014-09-11 13:27 - 2014-09-11 13:27 - 00380416 _____ () C:\Users\Seregahl\Downloads\Gmer-19357.exe 2014-09-11 13:25 - 2014-09-11 13:25 - 02105856 _____ (Farbar) C:\Users\Seregahl\Downloads\FRST64.exe 2014-09-11 13:24 - 2014-09-11 13:24 - 00000482 _____ () C:\Users\Seregahl\Desktop\defogger_disable.log 2014-09-11 13:24 - 2012-11-23 10:27 - 00000000 ____D () C:\Users\Verwaltung 2014-09-11 13:23 - 2014-09-11 13:23 - 00050477 _____ () C:\Users\Seregahl\Downloads\Defogger.exe 2014-09-11 13:23 - 2010-06-19 18:45 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-11 13:08 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-11 13:08 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-11 13:05 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-09-11 13:05 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-09-11 13:05 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-11 13:01 - 2014-09-10 10:57 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-09-11 13:01 - 2010-06-19 18:45 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-11 13:01 - 
2010-06-09 08:00 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-09-11 13:01 - 2010-06-09 07:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-11 13:01 - 2010-06-09 07:37 - 00276818 _____ () C:\Windows\PFRO.log 2014-09-11 13:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-11 13:01 - 2009-07-14 06:51 - 00307383 _____ () C:\Windows\setupact.log 2014-09-11 13:00 - 2012-04-23 14:14 - 00000000 ___RD () C:\Users\Seregahl\Dropbox 2014-09-11 11:59 - 2011-09-03 13:44 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\Dropbox 2014-09-11 11:36 - 2012-12-11 08:59 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{011DAFB9-C3DA-45D0-A53A-D75751E1C194} 2014-09-11 00:33 - 2013-08-22 15:55 - 00000000 ____D () C:\Users\Seregahl\AppData\Local\Battle.net 2014-09-11 00:00 - 2012-11-03 09:59 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\.minecraft 2014-09-10 23:12 - 2010-06-16 12:41 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\TS3Client 2014-09-10 21:34 - 2014-09-10 21:33 - 58302297 _____ () C:\Users\Seregahl\Downloads\Charybdis MidAge 1.8 (1.1).zip 2014-09-10 19:48 - 2013-07-26 12:36 - 00000000 ____D () C:\Users\Seregahl\.gimp-2.8 2014-09-10 19:46 - 2014-09-10 19:46 - 00022566 _____ () C:\Users\Seregahl\AppData\Local\recently-used.xbel 2014-09-10 19:46 - 2013-07-26 12:39 - 00000000 ____D () C:\Users\Seregahl\AppData\Local\gtk-2.0 2014-09-10 14:27 - 2013-08-24 13:26 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test 2014-09-10 13:59 - 2010-11-22 14:53 - 00000678 __RSH () C:\Users\Seregahl\ntuser.pol 2014-09-10 13:59 - 2010-06-11 12:28 - 00000000 ____D () C:\Users\Seregahl 2014-09-10 13:51 - 2010-06-09 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-09-10 13:51 - 2010-06-09 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-09-10 13:49 - 2014-06-09 13:36 - 00001400 _____ () C:\DelFix.txt 2014-09-10 13:38 - 2014-06-02 
11:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-10 13:35 - 2014-09-10 13:35 - 00000000 ____D () C:\MATS 2014-09-10 13:30 - 2014-09-10 13:30 - 00003114 _____ () C:\Windows\System32\Tasks\{488B2502-F9F5-4AC6-B263-1F611EB51B5F} 2014-09-10 13:22 - 2014-09-10 13:02 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-09-10 13:12 - 2010-06-11 12:28 - 00000000 ____D () C:\Users\Seregahl\AppData\Local\SoftThinks 2014-09-10 13:11 - 2013-01-22 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-10 13:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-09-10 12:26 - 2014-09-10 12:26 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-10 12:26 - 2014-09-10 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-10 11:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-10 11:17 - 2013-01-02 21:24 - 00000000 ____D () C:\Windows\pss 2014-09-10 10:59 - 2014-09-10 10:59 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-10 10:57 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-09-10 10:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-09-10 10:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-10 10:30 - 2014-09-10 10:30 - 02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03(1).exe 2014-09-10 10:27 - 2014-09-10 10:27 - 01101648 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.0-beta4 - CHIP-Installer.exe 2014-09-10 10:24 - 2014-09-10 10:24 - 74496991 _____ () C:\Users\Seregahl\Downloads\Conquest_.zip 2014-09-09 23:00 - 2014-09-09 23:00 - 00000000 ____D () C:\ProgramData\Riot Games 2014-09-06 13:42 - 2014-05-29 14:38 - 529779715 _____ () C:\Windows\MEMORY.DMP 2014-09-06 13:42 - 2011-08-31 11:56 - 00000000 ____D () C:\Windows\Minidump 2014-09-04 13:50 - 2014-09-04 
13:50 - 00000000 ____D () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18 2014-09-04 13:45 - 2014-09-04 13:45 - 105139071 _____ () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18.zip 2014-09-04 12:03 - 2014-09-04 12:03 - 02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03.exe 2014-08-29 14:36 - 2014-08-07 09:32 - 00000601 _____ () C:\Users\Seregahl\Desktop\Prüfungstermine.txt 2014-08-29 00:28 - 2014-04-22 10:43 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\WesterosCraft 2014-08-28 18:50 - 2009-07-14 06:45 - 00407704 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 00:06 - 2012-05-15 11:05 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-08-23 04:07 - 2014-08-28 10:33 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 10:33 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 10:33 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 12:42 - 2013-08-22 15:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-08-18 23:24 - 2013-12-18 15:41 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-08-18 19:07 - 2010-06-12 09:10 - 00000000 ____D () C:\Users\Seregahl\AppData\Local\Deployment 2014-08-16 12:15 - 2012-04-23 14:19 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-14 00:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 22:01 - 2010-06-09 07:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 21:57 - 2013-08-03 01:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 21:55 - 2010-06-13 01:23 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-13 21:52 - 2014-04-30 15:00 - 00000000 ___SD () C:\Windows\system32\CompatTel Some content of TEMP: ==================== 
C:\Users\Seregahl\AppData\Local\Temp\cleanup_tool.exe
C:\Users\Seregahl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcdkjhw.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---
The Gmer log alone doesn't even fit into a single post; should I split the log itself up then? |
11.09.2014, 13:20 | #6 |
/// TB-Ausbilder | SpeedChecker found - deleted, but keeps reappearing
Please run all tools as administrator! Run FRST again, as admin, including Addition: And please post new FRST logs. Tick the box for addition.txt, then click Scan.
11.09.2014, 13:27 | #7 |
| SpeedChecker found - deleted, but keeps reappearing
Sorry, that took a little while... FRST Additional log: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014 Ran by Verwaltung at 2014-09-11 14:24:41 Running from C:\Users\Seregahl\Dateien und Dokumente\Daten Seregahl\Sicherheit Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Computer Security (Disabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17} AS: Computer Security (Disabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 7-Zip 9.21beta (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) AION Free-to-Play Version 1.0 (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: 1.0 - Gameforge) Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games) Computer Security 14.99.103.0 (release) (x32 Version: 14.99.103.0 - F-Secure Corporation) Hidden Dark Messiah (HKLM-x32\...\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}) (Version: 1.0 - Ubisoft) Dawn of War - Dark Crusade 
(HKLM-x32\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ) DawnOfWar (HKLM-x32\...\InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}) (Version: 1.00.00000 - THQ) DawnOfWar (x32 Version: 1.00.00000 - THQ) Hidden Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell) Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.) Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation) Dell Dock (Version: 2.0 - Stardock Corporation) Hidden Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname) Diablo (HKLM-x32\...\Diablo) (Version: - ) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden EMC 10 Content (x32 Version: 1.0.035 - Ihr Firmenname) Hidden EMCGadgets64 (Version: 1.0.302 - Ihr Firmenname) Hidden F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 1.99.192.0 - F-Secure Corporation) F-Secure (x32 Version: 1.99.192.0 - F-Secure Corporation) Hidden F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden F-Secure CCF Scanning 1.43.102.193 (release) (x32 Version: 1.43.102.193 - F-Secure Corporation) Hidden F-Secure Network CCF 1.02.134 (x32 Version: 1.02.134 - F-Secure Corporation) Hidden F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden Gameforge Live 1.10.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.0 - Gameforge) GeForce Experience NvStream Client Components (Version: 
1.6.28 - NVIDIA Corporation) Hidden GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - ) Gothic II (HKLM-x32\...\Gothic II) (Version: - ) Gothic III - Forsaken Gods (HKLM-x32\...\{D1FD3035-DD6F-4A17-BC30-784E97EFBC68}) (Version: 1.0.0 - JoWooD) GUILD WARS (HKLM-x32\...\Guild Wars) (Version: - ) Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version: - Klett) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 
2.0.48.0 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office 
Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower) Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA 
Corporation) NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation) Oblivion - Construction Set (HKLM-x32\...\{23D683DD-93C6-48E6-B84E-78B57778F126}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Horse Armor Pack (HKLM-x32\...\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Mehrunes Razor (HKLM-x32\...\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Orrery (HKLM-x32\...\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Spell Tomes (HKLM-x32\...\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) 
(Version: 1.00.0000 - Bethesda Softworks) Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks) Online Safety 2.99.2293.1524 (x32 Version: 2.99.2293.1524 - F-Secure Corporation) Hidden Prince of Persia Warrior Within (HKLM-x32\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - ) Python 2.5 numpy-1.0.3 (HKLM-x32\...\numpy-py2.5) (Version: - ) Python 2.5 numpy-1.0.3 (HKLM-x32\...\Python 2.5 numpy-1.0.3) (Version: - ) Python 2.5.1 (HKLM-x32\...\Python 2.5.1) (Version: - ) Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.00 - Razer USA Ltd.) Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.12.8 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6299 - Realtek Semiconductor Corp.) Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio BackOnTrack (x32 Version: 1.3.0 - Roxio) Hidden Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Roxio Easy CD and DVD Burning (x32 Version: 10.3.106 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden Roxio File Backup (Version: 1.3.0 - Roxio) Hidden Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - Croteam) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red) THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - 
Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Visual Basic for Applications (R) Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden Visual Basic for Applications (R) Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) World of Warcraft Public Test (HKLM-x32\...\World of Warcraft 
Public Test) (Version: - Blizzard Entertainment) X3: Reunion v2.0.02 (HKLM-x32\...\X3-Reunion2.0.02DE_is1) (Version: - EGOSOFT) Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3259225011-1369774613-1014735326-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Seregahl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3259225011-1369774613-1014735326-1000_Classes\CLSID\{8c9b5d7b-a297-4606-95e7-99717aa19cb4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3259225011-1369774613-1014735326-1000_Classes\CLSID\{e6268cac-32ef-4e37-b586-d9c2d12387c1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3259225011-1369774613-1014735326-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Seregahl\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File CustomCLSID: HKU\S-1-5-21-3259225011-1369774613-1014735326-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Seregahl\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File CustomCLSID: HKU\S-1-5-21-3259225011-1369774613-1014735326-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Seregahl\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File CustomCLSID: HKU\S-1-5-21-3259225011-1369774613-1014735326-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Seregahl\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File ==================== Restore Points ========================= 10-09-2014 11:49:14 Ende der Bereinigung ==================== Hosts content: ========================== (If needed Hosts: directive could 
be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {21B9F90C-DB7A-4EF9-B040-DCC44EB53EA4} - System32\Tasks\{FC681E79-5012-4967-8A7E-1909C321DDFC} => C:\Benutzer\Seregahl\Spiele\RollenspieleI\Pool of Radiance\Pool II.exe Task: {24B5CB14-4447-4842-97E1-3F78773CCA50} - System32\Tasks\{10506BE9-A210-409B-9580-0CEE98609E67} => E:\Setup.exe Task: {3039F8D7-AF4A-4B60-84A0-2388B647A1DA} - \SpeedChecker_wd No Task File <==== ATTENTION Task: {36173529-50AA-4989-8CCA-B82B790ED75C} - System32\Tasks\{E1D0751B-23F4-46FA-88F0-75ABA35E9076} => C:\Users\Seregahl\Spiele\Strategie\ANNO 1503\1503Startup.exe Task: {540A2E37-CBFB-4C87-857F-3062DDF5AB34} - System32\Tasks\{067EBA42-884E-4374-A125-3B8AA08F19DA} => E:\Gothic2-Setup.exe Task: {726FE089-DE76-4B78-9987-2CAF5CC92B98} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {7BEC0067-8C46-4187-A001-68AF213D10B3} - System32\Tasks\{C9B840C0-8D4C-4906-8796-81F743CE9F42} => E:\Gothic2-Setup.exe Task: {809F9CAC-92F2-4C19-A9A6-CE8C591EC370} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-19] (Google Inc.) Task: {A3BA0637-8A41-494C-8CC5-97B5F07274EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-19] (Google Inc.) 
Task: {B68D2AD8-53B1-4B17-848C-94A1B1AF191D} - System32\Tasks\{FAE8887A-14F6-4260-A628-45E6C429F423} => C:\Users\Seregahl\Spiele\Action\Prince of Persia Warrior Within\PrinceOfPersia.exe [2004-11-06] (UBISOFT)
Task: {B83E4B92-4ACF-403E-B871-ACF3B7262AC3} - System32\Tasks\{32533CEE-07D9-40E8-B1D5-C82B19B258F4} => E:\autorun.exe
Task: {BC79B3AF-A59E-48E7-BAA1-56537E30F308} - System32\Tasks\{6E4EF77B-D93F-48D8-BA5F-FF00A4FA0750} => C:\Users\Seregahl\Spiele\Rollenspiele\Gorasul\gorasul.exe
Task: {DD8B352D-426A-4C71-86F4-626681F4F37C} - System32\Tasks\{D6A87298-46B1-417F-AEE6-AB109DFECBF9} => E:\Gothic2-Setup.exe
Task: {E1998D79-FDA7-429A-BE1E-9C666F077690} - System32\Tasks\{5E70A58F-C4AB-4CA4-9567-9C74B14E4761} => E:\setup.exe
Task: {EA058374-1A8A-4AB2-88E9-C01B3BF7C324} - System32\Tasks\{8D22C99E-5988-46D3-A650-39BEE1756D45} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1618
Task: {EE3E37F9-2FAE-45D1-982A-B34221B1FDA6} - System32\Tasks\{9EE73F5D-2EE9-4171-AA05-8D67A2BA05CB} => C:\Users\Seregahl\Spiele\Rollenspiele\Gorasul\gorasul.exe
Task: {FEA7A61C-B038-49F2-AB6C-A9DBE1BE0001} - System32\Tasks\{BD9691B8-8DFF-48A8-A656-688831A87712} => C:\Benutzer\Seregahl\Spiele\RollenspieleI\Pool of Radiance\Pool II.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-11 19:19 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-06-09 08:00 - 2011-08-18 17:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-09-11 07:49 - 2013-09-11 07:49 - 00220096 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2010-06-09 07:55 - 2009-10-02 13:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-10-02 09:07 - 2013-10-02 09:07 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-10-02 08:46 - 2014-05-25 13:20 - 00949288 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-10-02 08:46 - 2014-02-11 17:17 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2014-02-11 17:12 - 2014-02-11 17:12 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.77_none_b59ef0c311fca244\QtMultimediaKit1.dll
2014-09-10 12:26 - 2014-08-26 10:14 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Verwaltung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DeathAdder => C:\Drivers\Razer DeathAdder\razerhid.exe
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Faulty Device Manager Devices =============

Name: F:\
Description: SD/MMC
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: H:\
Description: SM/xD-Picture
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: I:\
Description: MS/MS-Pro
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2014 02:23:34 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1 2014-09-11 14:23:34+02:00 ZUHAUSE-Seregahl SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\Seregahl\dateien und dokumente\daten Seregahl\sicherheit\frst64.exe
File hash: 748c68b266d64e1c3e610d78e507a37f341f0a83

Error: (09/11/2014 02:14:30 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 5 2014-09-11 14:14:30+02:00 ZUHAUSE-Seregahl SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\Seregahl\dateien und dokumente\daten Seregahl\sicherheit\frst64.exe
File hash: 748c68b266d64e1c3e610d78e507a37f341f0a83

Error: (09/11/2014 02:14:11 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 4 2014-09-11 14:14:11+02:00 ZUHAUSE-Seregahl SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\Seregahl\dateien und dokumente\daten Seregahl\sicherheit\frst64.exe
File hash: 748c68b266d64e1c3e610d78e507a37f341f0a83

Error: (09/11/2014 02:13:59 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 3 2014-09-11 14:13:59+02:00 ZUHAUSE-Seregahl SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\Seregahl\dateien und dokumente\daten Seregahl\sicherheit\frst64.exe
File hash: 748c68b266d64e1c3e610d78e507a37f341f0a83

Error: (09/11/2014 02:13:44 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 2 2014-09-11 14:13:44+02:00 ZUHAUSE-Seregahl SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\Seregahl\dateien und dokumente\daten Seregahl\sicherheit\frst64.exe
File hash: 748c68b266d64e1c3e610d78e507a37f341f0a83

Error: (09/11/2014 02:13:23 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1 2014-09-11 14:13:23+02:00 ZUHAUSE-Seregahl SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\Seregahl\dateien und dokumente\daten Seregahl\sicherheit\frst64.exe
File hash: 748c68b266d64e1c3e610d78e507a37f341f0a83

Error: (09/11/2014 00:43:30 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2014-09-11 12:43:30+02:00 ZUHAUSE-Seregahl ZUHAUSE-Seregahl\Seregahl F-Secure Anti-Virus Malicious code found in file C:\WINDOWS\SCORE.EXE. Infection: Trojan.Agent.BFFT

Error: (09/11/2014 00:35:07 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/11/2014 00:33:50 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/10/2014 05:15:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

System errors:
=============
Error: (09/11/2014 02:22:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/11/2014 01:02:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/11/2014 01:02:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/11/2014 01:01:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv06 prohlp02 prosync1 RxFilter sfhlp01

Error: (09/11/2014 01:01:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (09/11/2014 01:01:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (09/11/2014 00:44:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "scores" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/11/2014 11:34:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/11/2014 11:33:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/11/2014 11:33:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv06 prohlp02 prosync1 RxFilter sfhlp01

Microsoft Office Sessions:
=========================
Error: (02/17/2014 11:31:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6404 seconds with 4680 seconds of active time. This session ended with a crash.

Error: (01/05/2011 00:53:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2112 seconds with 1980 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 6103.08 MB
Available physical RAM: 3607.33 MB
Total Pagefile: 12204.34 MB
Available Pagefile: 9039.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1789.5 GB) (Free:1424.81 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:63.02 GB) (Free:32.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1800 GB) (Disk ID: 58000000)
Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1789.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 63 GB) (Disk ID: 2709E86A)
Partition 1: (Not Active) - (Size=63 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Verwaltung (administrator) on ZUHAUSE-Seregahl on 11-09-2014 14:24:22
Running from C:\Users\Seregahl\Dateien und Dokumente\Daten Seregahl\Sicherheit
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSLAUNCHER0.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSLAUNCHER0.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2013-11-26] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-05] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2
HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\ZuHause\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3259225011-1369774613-1014735326-1000\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
BHO: SpeedChecker -> {10C9DCE3-BD9B-A120-FEC6-BB46DD12DBE3} -> C:\Program Files (x86)\ver0SpeedChecker\178_x64.dll No File
BHO: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: SpeedChecker -> {10C9DCE3-BD9B-A120-FEC6-BB46DD12DBE3} -> C:\Program Files (x86)\ver0SpeedChecker\178.dll No File
BHO-x32: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\nve6qoyx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\nve6qoyx.default\Extensions\firefox@ghostery.com.xpi [2014-01-27]
FF Extension: NoScript - C:\Users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\nve6qoyx.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-22]
FF Extension: Adblock Plus - C:\Users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\nve6qoyx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-22]
FF HKLM-x32\...\Firefox\Extensions: [{5672192b-80c9-4697-b84e-72e738d61435}] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https
FF Extension: Online Safety - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https [2013-10-02]
FF HKCU\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\Verwaltung\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn
FF Extension: F-Secure Search - C:\Users\Verwaltung\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-03-22]
FF HKCU\...\Firefox\Extensions: [{FA6048EE-7061-9EBE-B4B5-C7ECA466696E}] - C:\Program Files (x86)\ver0SpeedChecker\178.xpi

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_chrome_https\fs_chrome_https.crx [2014-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2013-11-26] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-10] (F-Secure Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S4 SpeedChecker; C:\Program Files (x86)\ver0SpeedChecker\G9SpeedCheckerkX178.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [553472 2008-09-25] (Atheros Communications, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-06-09] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-10-02] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [86056 2014-06-19] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-10] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2011-05-31] ()
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [111808 2004-05-13] (Protection Technology) [File not signed]
S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33464 2013-07-10] (Razer Inc)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30904 2013-07-10] (Razer Inc)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 DNINDIS4; \??\C:\Windows\system32\DNINDIS4.SYS [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
U2 WZCSVC; No ImagePath
U3 kwdiqpoc; \??\C:\Users\VERWAL~1\AppData\Local\Temp\kwdiqpoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 13:46 - 2014-09-11 14:24 - 00000000 ____D () C:\FRST
2014-09-11 13:41 - 2014-09-11 13:52 - 00001509 _____ () C:\Users\Seregahl\Desktop\MBAM (11.9).txt
2014-09-11 13:40 - 2014-09-11 13:51 - 00001965 _____ () C:\Users\Seregahl\Desktop\MBAM (10.9.).txt
2014-09-11 13:35 - 2014-09-11 13:51 - 00129787 _____ () C:\Users\Seregahl\Desktop\Gmer.log
2014-09-11 13:27 - 2014-09-11 13:27 - 00380416 _____ () C:\Users\Seregahl\Downloads\Gmer-19357.exe
2014-09-11 13:26 - 2014-09-11 14:17 - 00037604 _____ () C:\Users\Seregahl\Desktop\FRST.txt
2014-09-11 13:26 - 2014-09-11 13:50 - 00032341 _____ () C:\Users\Seregahl\Desktop\Addition.txt
2014-09-11 13:25 - 2014-09-11 13:25 - 02105856 _____ (Farbar) C:\Users\Seregahl\Downloads\FRST64.exe
2014-09-11 13:24 - 2014-09-11 13:24 - 00000482 _____ () C:\Users\Seregahl\Desktop\defogger_disable.log
2014-09-11 13:24 - 2014-09-11 13:24 - 00000000 _____ () C:\Users\Verwaltung\defogger_reenable
2014-09-11 13:23 - 2014-09-11 13:23 - 00050477 _____ () C:\Users\Seregahl\Downloads\Defogger.exe
2014-09-10 21:33 - 2014-09-10 21:34 - 58302297 _____ () C:\Users\Seregahl\Downloads\Charybdis MidAge 1.8 (1.1).zip
2014-09-10 19:46 - 2014-09-10 19:46 - 00022566 _____ () C:\Users\Seregahl\AppData\Local\recently-used.xbel
2014-09-10 13:35 - 2014-09-10 13:35 - 00000000 ____D () C:\MATS
2014-09-10 13:30 - 2014-09-10 13:30 - 00003114 _____ () C:\Windows\System32\Tasks\{488B2502-F9F5-4AC6-B263-1F611EB51B5F}
2014-09-10 13:30 - 2014-09-10 13:30 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\ESRI
2014-09-10 13:02 - 2014-09-10 13:22 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-10 12:47 - 2014-09-10 12:47 - 00347440 _____ (Microsoft Corporation) C:\Users\Verwaltung\Downloads\MicrosoftFixit-portable.exe
2014-09-10 12:44 - 2014-09-10 12:44 - 00347816 _____ (Microsoft Corporation) C:\Users\Verwaltung\Downloads\MicrosoftFixit.ProgramInstallUninstall.Run.exe
2014-09-10 12:26 - 2014-09-10 12:26 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-10 12:26 - 2014-09-10 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 10:59 - 2014-09-10 10:59 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-10 10:57 - 2014-09-11 13:01 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-10 10:30 - 2014-09-10 10:30 - 02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03(1).exe
2014-09-10 10:27 - 2014-09-10 10:27 - 01101648 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.0-beta4 - CHIP-Installer.exe
2014-09-10 10:24 - 2014-09-10 10:24 - 74496991 _____ () C:\Users\Seregahl\Downloads\Conquest_.zip
2014-09-09 23:00 - 2014-09-09 23:00 - 00000000 ____D () C:\ProgramData\Riot Games
2014-09-06 13:42 - 2014-09-06 13:42 - 00290096 _____ () C:\Windows\Minidump\090614-19312-01.dmp
2014-09-04 13:50 - 2014-09-04 13:50 - 00000000 ____D () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18
2014-09-04 13:45 - 2014-09-04 13:45 - 105139071 _____ () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18.zip
2014-09-04 12:03 - 2014-09-04 12:03 - 02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03.exe
2014-08-29 19:27 - 2014-08-29 19:27 - 00699512 _____ () C:\Windows\Minidump\082914-18766-01.dmp
2014-08-28 10:33 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:33 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 10:33 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 21:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 21:52 - 2014-06-06 08:16 - 00035480 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 21:52 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 21:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 21:52 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 21:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-13 21:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-13 17:04 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-13 17:04 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-13 17:03 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-13 17:03 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-13 17:03 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 17:03 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 17:03 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-13 17:03 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-13 17:03 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-13 17:03 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-13 17:03 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-13 17:03 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 17:03 - 2014-07-25 15:25 - 00083968 _____ 
(Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-13 17:03 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-13 17:03 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-13 17:03 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-13 17:03 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-13 17:03 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-13 17:03 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-13 17:03 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-13 17:03 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-13 17:03 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 17:03 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-13 17:03 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-13 17:03 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-13 17:03 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-13 17:03 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-13 17:03 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-13 17:03 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-13 17:03 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-13 17:03 - 2014-07-25 14:17 - 
00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-13 17:03 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-13 17:03 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-13 17:03 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 17:03 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-13 17:03 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-13 17:03 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-13 17:03 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-13 17:03 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 17:03 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-13 17:03 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-13 17:03 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-13 17:03 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-13 17:03 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-13 17:03 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-13 17:03 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 17:03 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-13 17:03 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-13 17:03 - 2014-07-25 13:07 - 01068032 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-13 17:03 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-13 17:03 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 17:03 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 17:03 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-13 17:03 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-13 17:03 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-13 17:03 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-13 17:02 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 17:02 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\KBDRU.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-13 17:02 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-13 17:02 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-13 17:01 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 17:01 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-13 17:01 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-13 17:01 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-13 17:01 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 17:01 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 17:01 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 17:01 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 17:01 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 17:01 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-13 17:01 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-13 17:01 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-13 17:00 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-13 17:00 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-11 14:24 - 2014-09-11 13:46 - 00000000 ____D () C:\FRST 2014-09-11 14:23 - 2010-06-19 18:45 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-11 14:21 - 2012-11-23 10:27 - 00000000 ____D () C:\Users\Verwaltung\AppData\Local\SoftThinks 2014-09-11 14:21 - 2010-06-19 18:45 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-11 14:21 - 2010-06-09 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-09-11 14:21 - 2010-06-09 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-09-11 14:21 - 2010-06-09 08:00 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-09-11 14:17 - 2014-09-11 13:26 - 00037604 _____ () C:\Users\Seregahl\Desktop\FRST.txt 2014-09-11 13:52 - 2014-09-11 13:41 - 00001509 _____ () C:\Users\Seregahl\Desktop\MBAM (11.9).txt 2014-09-11 13:51 - 2014-09-11 13:40 - 00001965 _____ () C:\Users\Seregahl\Desktop\MBAM (10.9.).txt 2014-09-11 13:51 - 2014-09-11 13:35 - 00129787 _____ () C:\Users\Seregahl\Desktop\Gmer.log 2014-09-11 13:50 - 2014-09-11 13:26 - 00032341 _____ () C:\Users\Seregahl\Desktop\Addition.txt 2014-09-11 13:45 - 2009-07-14 07:10 - 02041380 _____ () C:\Windows\WindowsUpdate.log 2014-09-11 13:27 - 2014-09-11 13:27 - 00380416 _____ () C:\Users\Seregahl\Downloads\Gmer-19357.exe 2014-09-11 13:25 - 2014-09-11 13:25 - 02105856 _____ (Farbar) C:\Users\Seregahl\Downloads\FRST64.exe 2014-09-11 13:24 - 2014-09-11 13:24 - 00000482 _____ () C:\Users\Seregahl\Desktop\defogger_disable.log 2014-09-11 13:24 - 2014-09-11 13:24 - 00000000 _____ () C:\Users\Verwaltung\defogger_reenable 2014-09-11 13:24 - 2012-11-23 10:27 - 00000000 ____D () C:\Users\Verwaltung 2014-09-11 13:23 - 2014-09-11 13:23 - 00050477 _____ () C:\Users\Seregahl\Downloads\Defogger.exe 2014-09-11 13:08 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-11 13:08 - 2009-07-14 06:45 
- 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-11 13:05 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-09-11 13:05 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-09-11 13:05 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-11 13:01 - 2014-09-10 10:57 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-09-11 13:01 - 2010-06-09 07:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-11 13:01 - 2010-06-09 07:37 - 00276818 _____ () C:\Windows\PFRO.log 2014-09-11 13:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-11 13:01 - 2009-07-14 06:51 - 00307383 _____ () C:\Windows\setupact.log 2014-09-11 13:00 - 2012-04-23 14:14 - 00000000 ___RD () C:\Users\Seregahl\Dropbox 2014-09-11 11:59 - 2011-09-03 13:44 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\Dropbox 2014-09-11 11:36 - 2012-12-11 08:59 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{011DAFB9-C3DA-45D0-A53A-D75751E1C194} 2014-09-11 00:33 - 2013-08-22 15:55 - 00000000 ____D () C:\Users\Seregahl\AppData\Local\Battle.net 2014-09-11 00:00 - 2012-11-03 09:59 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\.minecraft 2014-09-10 23:12 - 2010-06-16 12:41 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\TS3Client 2014-09-10 21:34 - 2014-09-10 21:33 - 58302297 _____ () C:\Users\Seregahl\Downloads\Charybdis MidAge 1.8 (1.1).zip 2014-09-10 19:48 - 2013-07-26 12:36 - 00000000 ____D () C:\Users\Seregahl\.gimp-2.8 2014-09-10 19:46 - 2014-09-10 19:46 - 00022566 _____ () C:\Users\Seregahl\AppData\Local\recently-used.xbel 2014-09-10 19:46 - 2013-07-26 12:39 - 00000000 ____D () C:\Users\Seregahl\AppData\Local\gtk-2.0 2014-09-10 14:27 - 2013-08-24 13:26 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test 2014-09-10 13:59 - 2010-11-22 14:53 - 00000678 __RSH () 
C:\Users\Seregahl\ntuser.pol 2014-09-10 13:59 - 2010-06-11 12:28 - 00000000 ____D () C:\Users\Seregahl 2014-09-10 13:49 - 2014-06-09 13:36 - 00001400 _____ () C:\DelFix.txt 2014-09-10 13:38 - 2014-06-02 11:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-10 13:35 - 2014-09-10 13:35 - 00000000 ____D () C:\MATS 2014-09-10 13:30 - 2014-09-10 13:30 - 00003114 _____ () C:\Windows\System32\Tasks\{488B2502-F9F5-4AC6-B263-1F611EB51B5F} 2014-09-10 13:30 - 2014-09-10 13:30 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\ESRI 2014-09-10 13:22 - 2014-09-10 13:02 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-09-10 13:12 - 2010-06-11 12:28 - 00000000 ____D () C:\Users\Seregahl\AppData\Local\SoftThinks 2014-09-10 13:11 - 2013-01-22 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-10 13:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-09-10 12:47 - 2014-09-10 12:47 - 00347440 _____ (Microsoft Corporation) C:\Users\Verwaltung\Downloads\MicrosoftFixit-portable.exe 2014-09-10 12:44 - 2014-09-10 12:44 - 00347816 _____ (Microsoft Corporation) C:\Users\Verwaltung\Downloads\MicrosoftFixit.ProgramInstallUninstall.Run.exe 2014-09-10 12:26 - 2014-09-10 12:26 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-10 12:26 - 2014-09-10 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-10 11:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-10 11:17 - 2013-01-02 21:24 - 00000000 ____D () C:\Windows\pss 2014-09-10 10:59 - 2014-09-10 10:59 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-10 10:57 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-09-10 10:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-09-10 10:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-10 10:30 
- 2014-09-10 10:30 - 02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03(1).exe 2014-09-10 10:27 - 2014-09-10 10:27 - 01101648 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.0-beta4 - CHIP-Installer.exe 2014-09-10 10:24 - 2014-09-10 10:24 - 74496991 _____ () C:\Users\Seregahl\Downloads\Conquest_.zip 2014-09-09 23:00 - 2014-09-09 23:00 - 00000000 ____D () C:\ProgramData\Riot Games 2014-09-06 13:42 - 2014-09-06 13:42 - 00290096 _____ () C:\Windows\Minidump\090614-19312-01.dmp 2014-09-06 13:42 - 2014-05-29 14:38 - 529779715 _____ () C:\Windows\MEMORY.DMP 2014-09-06 13:42 - 2011-08-31 11:56 - 00000000 ____D () C:\Windows\Minidump 2014-09-04 13:50 - 2014-09-04 13:50 - 00000000 ____D () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18 2014-09-04 13:45 - 2014-09-04 13:45 - 105139071 _____ () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18.zip 2014-09-04 12:03 - 2014-09-04 12:03 - 02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03.exe 2014-08-29 19:27 - 2014-08-29 19:27 - 00699512 _____ () C:\Windows\Minidump\082914-18766-01.dmp 2014-08-29 14:36 - 2014-08-07 09:32 - 00000601 _____ () C:\Users\Seregahl\Desktop\Prüfungstermine.txt 2014-08-29 00:28 - 2014-04-22 10:43 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\WesterosCraft 2014-08-28 18:50 - 2009-07-14 06:45 - 00407704 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 00:06 - 2012-05-15 11:05 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-08-23 04:07 - 2014-08-28 10:33 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 10:33 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 10:33 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 12:42 - 2013-08-22 15:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-08-18 23:24 - 2013-12-18 15:41 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-08-18 19:07 - 
2010-06-12 09:10 - 00000000 ____D () C:\Users\Seregahl\AppData\Local\Deployment 2014-08-16 12:15 - 2012-04-23 14:19 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-14 00:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 22:01 - 2010-06-09 07:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 21:57 - 2013-08-03 01:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 21:55 - 2010-06-13 01:23 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-13 21:52 - 2014-04-30 15:00 - 00000000 ___SD () C:\Windows\system32\CompatTel Some content of TEMP: ==================== C:\Users\Seregahl\AppData\Local\Temp\cleanup_tool.exe C:\Users\Seregahl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcdkjhw.dll C:\Users\Verwaltung\AppData\Local\Temp\msregmso.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-07 15:18

==================== End Of Log ============================ |
11.09.2014, 15:13 | #8 |
/// TB-Ausbilder | SpeedChecker found - deleted, but keeps coming back
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3259225011-1369774613-1014735326-1000\User: Group Policy restriction detected <======= ATTENTION
emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
Please download SecurityCheck and:
Note, ESET takes longer: ESET Online Scanner
Run FRST once more.
__________________ Learn to strike back and support us! TB Akademie | Donate | Praise & Criticism |
11.09.2014, 22:56 | #9 |
| SpeedChecker found - deleted, but keeps coming back
Hello Timo, I have now run all the scans, here are the logs:
Fixlog: Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Verwaltung at 2014-09-11 20:14:53 Run:1
Running from C:\Users\Verwaltung\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3259225011-1369774613-1014735326-1000\User: Group Policy restriction detected <======= ATTENTION
emptytemp:
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3259225011-1369774613-1014735326-1000\User => Moved successfully.
EmptyTemp: => Removed 345.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
Code:
ATTFilter
# AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 20:21:21
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Verwaltung - ZUHAUSE-Seregahl
# Gestartet von : C:\Users\Verwaltung\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v32.0 (x86 de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\y3xm80cj.default\prefs.js ]
[ Datei : C:\Users\Seregahl\AppData\Roaming\Mozilla\Firefox\Profiles\4o4e2f0c.default-1410344187348\prefs.js ]
[ Datei : C:\Users\Seregahl\AppData\Roaming\Mozilla\Firefox\Profiles\ciklmw5e.default-1401791188068\prefs.js ]
[ Datei : C:\Users\Seregahl\AppData\Roaming\Mozilla\Firefox\Profiles\max0ie1k.default-1401718125733\prefs.js ]
[ Datei : C:\Users\Seregahl\AppData\Roaming\Mozilla\Firefox\Profiles\slweex8q.default\prefs.js ]
[ Datei : C:\Users\Seregahl\AppData\Roaming\Mozilla\Firefox\Profiles\xerf9fr9.default-1410350834528\prefs.js ]
[ Datei : C:\Users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\nve6qoyx.default\prefs.js ]

*************************

AdwCleaner[R1].txt - [1622 octets] - [11/09/2014 20:19:32]
AdwCleaner[S1].txt - [1561 octets] - [11/09/2014 20:21:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1621 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Verwaltung on 11.09.2014 at 20:24:59,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2014 at 20:29:48,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=897f7015574d4b44aba0bb9f3d2147c7
# engine=20112
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-11 09:12:21
# local_time=2014-09-11 11:12:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 9465 162099791 0 0
# scanned=365635
# found=2
# cleaned=0
# scan_time=9110
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="Variante von Win32/HiddenStart.A potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="Variante von Win32/HiddenStart.A potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"

FRST Logfile: Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Verwaltung (administrator) on ZUHAUSE-Seregahl on 11-09-2014 23:49:57
Running from C:\Users\Verwaltung\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSLAUNCHER0.EXE
(TeamSpeak Systems GmbH) C:\Users\Seregahl\Spiele\Teamspeak\TS3\ts3client_win32.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4944\Battle.net.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2013-11-26] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-05] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2
HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\ZuHause\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ BHO: SpeedChecker -> {10C9DCE3-BD9B-A120-FEC6-BB46DD12DBE3} -> C:\Program Files (x86)\ver0SpeedChecker\178_x64.dll No File BHO: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: SpeedChecker -> {10C9DCE3-BD9B-A120-FEC6-BB46DD12DBE3} -> C:\Program Files (x86)\ver0SpeedChecker\178.dll No File BHO-x32: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\nve6qoyx.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll 
() FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Ghostery - C:\Users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\nve6qoyx.default\Extensions\firefox@ghostery.com.xpi [2014-01-27] FF Extension: NoScript - C:\Users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\nve6qoyx.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-22] FF Extension: Adblock Plus - C:\Users\Verwaltung\AppData\Roaming\Mozilla\Firefox\Profiles\nve6qoyx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-22] FF HKLM-x32\...\Firefox\Extensions: [{5672192b-80c9-4697-b84e-72e738d61435}] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https FF Extension: Online Safety - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https [2013-10-02] FF HKCU\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\Verwaltung\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn FF Extension: F-Secure Search - C:\Users\Verwaltung\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-03-22] FF HKCU\...\Firefox\Extensions: [{FA6048EE-7061-9EBE-B4B5-C7ECA466696E}] - C:\Program Files (x86)\ver0SpeedChecker\178.xpi Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_chrome_https\fs_chrome_https.crx [2014-05-23] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed] R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation) R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2013-11-26] (F-Secure Corporation) R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-10] (F-Secure Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] S4 SpeedChecker; C:\Program Files (x86)\ver0SpeedChecker\G9SpeedCheckerkX178.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [553472 2008-09-25] (Atheros Communications, Inc.) S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.) 
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-06-09] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-10-02] () R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [86056 2014-06-19] (F-Secure Corporation) R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-10] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2011-05-31] () S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [111808 2004-05-13] (Protection Technology) [File not signed] S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed] S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions) R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33464 2013-07-10] (Razer Inc) R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30904 2013-07-10] (Razer Inc) S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 DNINDIS4; \??\C:\Windows\system32\DNINDIS4.SYS [X] S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X] U2 WZCSVC; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 23:48 - 2014-09-11 23:49 - 00015536 _____ () C:\Users\Verwaltung\Desktop\FRST.txt 2014-09-11 21:47 - 2014-09-11 21:47 - 00000000 ____D () C:\Users\Verwaltung\Documents\Diablo III 2014-09-11 21:37 - 2014-09-11 21:40 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\.minecraft 2014-09-11 21:35 - 2014-09-11 21:35 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\NVIDIA 2014-09-11 21:34 - 2014-09-11 23:50 - 00000000 ____D () C:\Users\Verwaltung\AppData\Local\Battle.net 2014-09-11 21:34 - 2014-09-11 21:35 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\Battle.net 2014-09-11 21:34 - 2014-09-11 21:34 - 00000000 ____D () C:\Users\Verwaltung\AppData\Local\Blizzard Entertainment 2014-09-11 21:32 - 2014-09-11 21:52 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\TS3Client 2014-09-11 20:35 - 2014-09-11 20:35 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-11 20:34 - 2014-09-11 20:34 - 02347384 _____ (ESET) C:\Users\Verwaltung\Desktop\esetsmartinstaller_deu.exe 2014-09-11 20:32 - 2014-09-11 20:32 - 00854417 _____ () C:\Users\Verwaltung\Desktop\SecurityCheck.exe 2014-09-11 20:29 - 2014-09-11 20:30 - 00000700 _____ () C:\Users\Verwaltung\Desktop\JRT.txt 2014-09-11 20:24 - 2014-09-11 20:24 - 01016261 _____ (Thisisu) C:\Users\Verwaltung\Desktop\JRT.exe 2014-09-11 20:23 - 2014-09-11 20:23 - 00001701 _____ () C:\Users\Verwaltung\Desktop\AdwCleaner[S1].txt 2014-09-11 20:19 - 2014-09-11 20:21 - 00000000 ____D () C:\AdwCleaner 2014-09-11 20:18 - 2014-09-11 20:18 - 01370483 _____ () C:\Users\Verwaltung\Desktop\adwcleaner_3.309.exe 2014-09-11 20:09 - 2014-09-11 20:09 - 00000199 _____ () C:\Users\Seregahl\Desktop\Fixlist.txt 2014-09-11 14:29 - 2014-09-11 13:51 - 00129787 _____ () C:\Users\Verwaltung\Desktop\Gmer.log 2014-09-11 13:46 - 2014-09-11 23:49 - 00000000 ____D () C:\FRST 2014-09-11 13:41 - 
2014-09-11 13:52 - 00001509 _____ () C:\Users\Seregahl\Desktop\MBAM (11.9).txt 2014-09-11 13:40 - 2014-09-11 13:51 - 00001965 _____ () C:\Users\Seregahl\Desktop\MBAM (10.9.).txt 2014-09-11 13:35 - 2014-09-11 13:51 - 00129787 _____ () C:\Users\Seregahl\Desktop\Gmer.log 2014-09-11 13:27 - 2014-09-11 13:27 - 00380416 _____ () C:\Users\Seregahl\Downloads\Gmer-19357.exe 2014-09-11 13:26 - 2014-09-11 14:17 - 00037604 _____ () C:\Users\Seregahl\Desktop\FRST.txt 2014-09-11 13:26 - 2014-09-11 13:50 - 00032341 _____ () C:\Users\Seregahl\Desktop\Addition.txt 2014-09-11 13:25 - 2014-09-11 13:25 - 02105856 _____ (Farbar) C:\Users\Seregahl\Downloads\FRST64.exe 2014-09-11 13:24 - 2014-09-11 13:24 - 00000482 _____ () C:\Users\Seregahl\Desktop\defogger_disable.log 2014-09-11 13:24 - 2014-09-11 13:24 - 00000000 _____ () C:\Users\Verwaltung\defogger_reenable 2014-09-11 13:23 - 2014-09-11 13:23 - 00050477 _____ () C:\Users\Seregahl\Downloads\Defogger.exe 2014-09-10 21:33 - 2014-09-10 21:34 - 58302297 _____ () C:\Users\Seregahl\Downloads\Charybdis MidAge 1.8 (1.1).zip 2014-09-10 19:46 - 2014-09-10 19:46 - 00022566 _____ () C:\Users\Seregahl\AppData\Local\recently-used.xbel 2014-09-10 13:35 - 2014-09-10 13:35 - 00000000 ____D () C:\MATS 2014-09-10 13:30 - 2014-09-10 13:30 - 00003114 _____ () C:\Windows\System32\Tasks\{488B2502-F9F5-4AC6-B263-1F611EB51B5F} 2014-09-10 13:30 - 2014-09-10 13:30 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\ESRI 2014-09-10 12:47 - 2014-09-10 12:47 - 00347440 _____ (Microsoft Corporation) C:\Users\Verwaltung\Downloads\MicrosoftFixit-portable.exe 2014-09-10 12:44 - 2014-09-10 12:44 - 00347816 _____ (Microsoft Corporation) C:\Users\Verwaltung\Downloads\MicrosoftFixit.ProgramInstallUninstall.Run.exe 2014-09-10 12:26 - 2014-09-10 12:26 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-10 12:26 - 2014-09-10 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-10 10:59 - 2014-09-10 
10:59 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-10 10:57 - 2014-09-11 20:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-09-10 10:30 - 2014-09-10 10:30 - 02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03(1).exe 2014-09-10 10:27 - 2014-09-10 10:27 - 01101648 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.0-beta4 - CHIP-Installer.exe 2014-09-10 10:24 - 2014-09-10 10:24 - 74496991 _____ () C:\Users\Seregahl\Downloads\Conquest_.zip 2014-09-09 23:00 - 2014-09-09 23:00 - 00000000 ____D () C:\ProgramData\Riot Games 2014-09-06 13:42 - 2014-09-06 13:42 - 00290096 _____ () C:\Windows\Minidump\090614-19312-01.dmp 2014-09-04 13:50 - 2014-09-04 13:50 - 00000000 ____D () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18 2014-09-04 13:45 - 2014-09-04 13:45 - 105139071 _____ () C:\Users\Seregahl\Downloads\Sphax PureBDcraft 512x MC18.zip 2014-09-04 12:03 - 2014-09-04 12:03 - 02350021 _____ () C:\Users\Seregahl\Downloads\mcpatcher-4.3.2_03.exe 2014-08-29 19:27 - 2014-08-29 19:27 - 00699512 _____ () C:\Windows\Minidump\082914-18766-01.dmp 2014-08-28 10:33 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 10:33 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 10:33 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 21:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 21:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-13 21:52 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 21:52 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 21:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 21:52 - 2014-03-09 23:48 - 00171160 _____ 
(Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 21:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-13 21:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-13 17:04 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-13 17:04 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-13 17:03 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-13 17:03 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-13 17:03 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 17:03 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 17:03 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-13 17:03 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-13 17:03 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-13 17:03 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-13 17:03 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-13 17:03 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 17:03 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-13 17:03 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-13 17:03 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-13 17:03 - 2014-07-25 15:04 - 02724864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-13 17:03 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-13 17:03 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-13 17:03 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-13 17:03 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-13 17:03 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-13 17:03 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 17:03 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-13 17:03 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-13 17:03 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-13 17:03 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-13 17:03 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-13 17:03 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-13 17:03 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-13 17:03 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-13 17:03 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-13 17:03 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-13 17:03 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-13 17:03 - 2014-07-25 14:10 - 
00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 17:03 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-13 17:03 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-13 17:03 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-13 17:03 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-13 17:03 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 17:03 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-13 17:03 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-13 17:03 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-13 17:03 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-13 17:03 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-13 17:03 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-13 17:03 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 17:03 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-13 17:03 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-13 17:03 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-13 17:03 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-13 17:03 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 17:03 - 2014-07-25 12:26 - 
01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 17:03 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-13 17:03 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-13 17:03 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-13 17:03 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-13 17:02 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 17:02 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-13 17:02 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-13 17:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-13 17:02 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-13 17:02 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-13 17:01 - 
2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 17:01 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-13 17:01 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-13 17:01 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-13 17:01 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 17:01 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 17:01 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 17:01 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 17:01 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 17:01 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-13 17:01 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-13 17:01 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-13 17:00 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-13 17:00 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-11 23:50 - 2014-09-11 23:48 - 00015536 _____ () C:\Users\Verwaltung\Desktop\FRST.txt 2014-09-11 23:50 - 2014-09-11 21:34 - 00000000 ____D () C:\Users\Verwaltung\AppData\Local\Battle.net 2014-09-11 23:49 - 2014-09-11 13:46 - 00000000 ____D () C:\FRST 2014-09-11 23:23 - 2010-06-19 18:45 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-11 22:20 - 2009-07-14 07:10 - 01237991 _____ () C:\Windows\WindowsUpdate.log 2014-09-11 21:52 - 2014-09-11 21:32 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\TS3Client 2014-09-11 21:47 - 2014-09-11 21:47 - 00000000 ____D () C:\Users\Verwaltung\Documents\Diablo III 2014-09-11 21:40 - 2014-09-11 21:37 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\.minecraft 2014-09-11 21:35 - 2014-09-11 21:35 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\NVIDIA 2014-09-11 21:35 - 2014-09-11 21:34 - 00000000 ____D () C:\Users\Verwaltung\AppData\Roaming\Battle.net 2014-09-11 21:34 - 2014-09-11 21:34 - 00000000 ____D () C:\Users\Verwaltung\AppData\Local\Blizzard Entertainment 2014-09-11 20:35 - 2014-09-11 20:35 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-11 20:34 - 2014-09-11 20:34 - 02347384 _____ (ESET) C:\Users\Verwaltung\Desktop\esetsmartinstaller_deu.exe 2014-09-11 20:32 - 2014-09-11 20:32 - 00854417 _____ () C:\Users\Verwaltung\Desktop\SecurityCheck.exe 2014-09-11 20:30 - 2014-09-11 20:29 - 00000700 _____ () C:\Users\Verwaltung\Desktop\JRT.txt 2014-09-11 20:29 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-09-11 20:29 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-09-11 20:29 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-11 20:29 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-11 20:29 - 2009-07-14 06:45 - 00022240 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-11 20:24 - 2014-09-11 20:24 - 01016261 _____ (Thisisu) C:\Users\Verwaltung\Desktop\JRT.exe 2014-09-11 20:23 - 2014-09-11 20:23 - 00001701 _____ () C:\Users\Verwaltung\Desktop\AdwCleaner[S1].txt 2014-09-11 20:22 - 2012-11-23 10:27 - 00000000 ____D () C:\Users\Verwaltung\AppData\Local\SoftThinks 2014-09-11 20:22 - 2010-06-19 18:45 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-11 20:22 - 2010-06-09 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-09-11 20:22 - 2010-06-09 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-09-11 20:22 - 2010-06-09 08:00 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-09-11 20:22 - 2010-06-09 07:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-11 20:22 - 2010-06-09 07:37 - 00279452 _____ () C:\Windows\PFRO.log 2014-09-11 20:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-11 20:22 - 2009-07-14 06:51 - 00307887 _____ () C:\Windows\setupact.log 2014-09-11 20:21 - 2014-09-11 20:19 - 00000000 ____D () C:\AdwCleaner 2014-09-11 20:18 - 2014-09-11 20:18 - 01370483 _____ () C:\Users\Verwaltung\Desktop\adwcleaner_3.309.exe 2014-09-11 20:16 - 2014-09-10 10:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-09-11 20:14 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-09-11 20:12 - 2010-06-16 12:41 - 00000000 ____D () C:\Users\Seregahl\AppData\Roaming\TS3Client 2014-09-11 20:09 - 2014-09-11 20:09 - 00000199 _____ () C:\Users\Seregahl\Desktop\Fixlist.txt 2014-09-11 16:10 - 2013-08-22 15:55 - 00000000 ____D () C:\Users\Seregahl\AppData\Local\Battle.net 2014-09-11 15:11 - 2012-12-11 08:59 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{011DAFB9-C3DA-45D0-A53A-D75751E1C194} 2014-09-11 14:17 - 2014-09-11 13:26 - 00037604 _____ () 
Good night for today! Regards, Seregahl |
12.09.2014, 09:52 | #10 |
/// TB-Ausbilder | SpeedChecker found - deleted, but keeps reappearing OK, just a few small things left: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
FF HKCU\...\Firefox\Extensions: [{FA6048EE-7061-9EBE-B4B5-C7ECA466696E}] - C:\Program Files (x86)\ver0SpeedChecker\178.xpi
HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2
HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Otherwise the logs are then clean. Please check whether you still see anything. Apart from that: Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
The order is decisive here.
Finally, I have a few tips for securing your system. Change all your passwords regularly; now, after the cleanup, is an ideal time to do so.
I cannot mention often enough how important it is that your system is up to date.
Anti-virus program and additional protection
Alternative browsers Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be misused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Learn to strike back and support us! TB Akademie | Donate | Praise & Criticism |
12.09.2014, 18:00 | #11 |
| SpeedChecker found - deleted, but keeps reappearing Hello Timo, I have now carried everything out and could not find anything conspicuous any more. Unfortunately, I first followed all the steps of your instructions, and now the "Fixlog.txt" from FRST has unfortunately been deleted along with everything else by DelFix - that is also in the DelFix log -.- Regarding the other tips: I actually already use almost all of your tips, from MBAM to Firefox with the suggested add-ons + Ghostery. I also use TFC again and again, and I am always careful with the registry :P I have one more question: At the moment I use the anti-virus program F-Secure; I chose it back then because it had one of the best ratings... but I was never really satisfied with it. What good alternatives are there? (I don't know whether the question belongs here, but since I'm here anyway) Otherwise, many thanks already in any case!!! Best regards! Seregahl |
12.09.2014, 18:53 | #12 |
/// TB-Ausbilder | SpeedChecker found - deleted, but keeps reappearing Well, there are quite a few AV programs; it is always hard to recommend something. It is best to look at AV-Comparatives - Independent Tests of Anti-Virus Software - Real World Protection Test Overview to see how the programs perform and which features you need. I need an AV program that "shuts its trap" and does not bother me with ads or other nonsense, with a simple interface ^^ Some people need gadgets, fancy graphics and effects or voice output ^^ I had Avira for a very long time, the paid version. After Avira introduced the Ask toolbar, I switched, tried out a few things and have now ended up with EMSI. OK, I was also manipulated here on the board ^^ But I am very satisfied with it. Professionally I use Kaspersky Endpoint Security with central management and administration.
16.09.2014, 09:31 | #13 |
| SpeedChecker found - deleted, but keeps reappearing Hello Timo, I'm sorry that I'm only getting back to you now, but I was away over the weekend... Thanks in any case for the help and the tips =) I'll see what comes up when my F-Secure expires^^ On the actual topic: So far no more problems have occurred, so I think we (hopefully) caught everything. Best regards! Seregahl |
16.09.2014, 10:24 | #14 |
/// TB-Ausbilder | SpeedChecker found - deleted, but keeps reappearing All right ^^