Log analysis and evaluation: System restore virus/trojan on my PC / performance problems & performance loss (Windows 7)
18.09.2014, 23:38 | #1
Hi, I probably have a restore trojan on my PC that degrades my performance, blocks virus scanners and anti-malware programs (also System Restore), and knows and hacks my personal data such as my Steam & battle.net data, among others. It started with some dubious anti-malware program and then went on to hundreds of messages a day saying that my computer was infected and that I should complete scans, which I eventually did (which I think was a big mistake), because that is when it really started: my graphics card runs red hot even under the slightest load, for example when I play League of Legends on low graphics, or my CPU climbs to 90+ %. I found rootkits on my computer but cannot copy the report log file because that apparently gets blocked too. I would really appreciate help and hope to get an answer as soon as you find the time; I am slowly running out of ideas about how to help myself.
18.09.2014, 23:39 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs you already have, in CODE tags! Only logs from the last 7 days, or from the time since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs should be too large for a single post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows:
19.09.2014, 11:09 | #3
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Marlon (administrator) on MARLON-PC on 19-09-2014 11:55:50
Running from C:\Users\Marlon\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(GOOBZO) C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\Policies\Explorer: [Run] "C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe"
HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\MountPoints2: {1d636f89-c193-11e3-b5e5-806e6f6e6963} - E:\WARLauncher.exe
Startup: C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntkrnlpa.lnk
ShortcutTarget: ntkrnlpa.lnk -> C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=127.0.0.1:37214
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402817210&from=cor&uid=395049983_1052499_500CDD21&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://search.findwide.com/serp?guid={EFE9049E-FA49-4C33-A1E2-0592B8769702}&action=default_search&k={searchTerms}
SearchScopes: HKCU - {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402817210&from=cor&uid=395049983_1052499_500CDD21&q={searchTerms}
SearchScopes: HKCU - {C853684C-4033-4337-B7C7-A2E882CBA5DB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10959
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll (Goobzo Ltd.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: IEExtension.Extension -> {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll (Goobzo Ltd.)
Toolbar: HKCU - No Name - {13F7E48A-AF65-4480-BD2A-CDF5B0929521} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF ProfilePath: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default
FF DefaultSearchEngine: Zoo Search
FF SearchEngineOrder.3: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Webzen.com/NPBrowserExt -> C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\user.js
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: CostMin - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\rvanh8.gusu@hpilhjvye-.edu [2014-04-19]
FF Extension: Site Matcher - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\sitematcher_srcs@sitematcher_srcs.com [2014-07-22]
FF Extension: WEB.DE MailCheck - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\toolbar@web.de [2014-07-09]
FF Extension: Youtube Accelerator Helper - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E} [2014-07-08]
FF Extension: Zoo Toolbar - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{6e6e7f45-c4ea-4a0d-b25f-42ff7e3fd96c} [2014-08-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-07-09]
FF Extension: MEGA - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\firefox@mega.co.nz.xpi [2014-04-19]
FF Extension: Adblock Plus - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{bd199e27-5053-4798-be04-8686f2b93a72}] - C:\Program Files (x86)\Security Guard\securityguard.xpi
FF Extension: No Name - C:\Program Files (x86)\Security Guard\securityguard.xpi [2014-06-20]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-05-04]
FF Extension: No Name - C:\Program Files\V-bates\Firefox [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\firefoxmini@go.im.xpi [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\c1b9d306-75ba-4390-8a8b-76b504015572@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=58&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-08]
CHR Extension: (Google Drive) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-08]
CHR Extension: (YouTube) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-08]
CHR Extension: (Google-Suche) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-08]
CHR Extension: (Tampermonkey) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-08-11]
CHR Extension: (HTTPS Everywhere) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-08-11]
CHR Extension: (AdBlock) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-11]
CHR Extension: (PHD-V1.4) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-08]
CHR Extension: (ScriptSafe) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-08-11]
CHR Extension: (Google Mail) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-08]
CHR HKLM-x32\...\Chrome\Extension: [onljdobepbepmeogglgcegfflcmibdpk] - C:\Program Files (x86)\Security Guard\securityguard.crx [2014-06-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-20] (Perfect World Entertainment Inc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-09] ()
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 YouTubeAcceleratorService; C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe [1510248 2014-07-08] (GOOBZO)
S2 671c50b0; "C:\Windows\system32\rundll32.exe" "c:\progra~3\browse~1\BrowserSystemEnahncerSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 RegFltrX64; C:\Users\Marlon\AppData\Local\DashboardDirect3dNet\RegFltrX64.sys [18064 2014-06-04] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 wolfkr; C:\AeriaGames\WolfTeam-DE\avital\wolfk64.sys [86352 2014-04-20] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 11:55 - 2014-09-19 11:56 - 00018233 _____ () C:\Users\Marlon\Downloads\FRST.txt
2014-09-19 11:55 - 2014-09-19 11:56 - 00000000 ____D () C:\FRST
2014-09-19 11:55 - 2014-09-19 11:55 - 02105856 _____ (Farbar) C:\Users\Marlon\Downloads\FRST64.exe
2014-09-18 23:57 - 2014-09-18 23:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-18 23:48 - 2014-09-18 23:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Marlon\Downloads\tdsskiller.exe
2014-09-18 23:38 - 2014-09-18 23:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-16 23:23 - 2014-09-18 22:56 - 00000000 ____D () C:\Users\Marlon\Documents\ArcheAge
2014-09-16 23:23 - 2014-09-16 23:23 - 00000000 ____D () C:\ArcheAge
2014-09-16 15:07 - 2014-09-16 15:07 - 00000000 ____D () C:\ProgramData\CanonBJ
2014-09-16 14:30 - 2014-09-18 23:17 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-16 14:30 - 2014-09-18 23:16 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Glyph
2014-09-16 12:24 - 2014-09-18 23:17 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-09-16 12:24 - 2014-09-18 23:16 - 00000000 ____D () C:\Users\Marlon\AppData\Local\BewerbungsMaster
2014-09-16 12:24 - 2014-09-16 12:37 - 00000000 ____D () C:\Users\Marlon\Documents\BewerbungsMaster
2014-09-16 12:24 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-09-16 11:33 - 2014-09-16 12:36 - 00001149 _____ () C:\Users\Marlon\Desktop\Neues Textdokument.txt
2014-09-16 11:32 - 2014-09-18 23:16 - 00000000 ____D () C:\Users\Marlon\Documents\Notes
2014-09-16 11:32 - 2014-09-16 11:32 - 00004544 _____ () C:\Users\Marlon\Desktop\Neues Journal-Dokument.jnt
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\StunlockStudios
2014-09-13 20:34 - 2014-09-13 20:34 - 00000000 ____D () C:\Users\Marlon\AppData\Local\SCE
2014-09-13 18:24 - 2014-09-13 18:24 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Red 5 Studios
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Users\Marlon\Documents\Firefall
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-12 18:30 - 2014-09-12 18:33 - 00000000 ____D () C:\Users\Marlon\Documents\Strife
2014-09-12 18:30 - 2014-09-12 18:30 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-12 18:25 - 2014-09-18 23:17 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-12 18:06 - 2014-09-12 18:20 - 1778312128 _____ () C:\Users\Marlon\Downloads\StrifeWindows-0.4.0.2.exe
2014-09-12 16:50 - 2014-09-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-12 03:08 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:08 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:08 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:08 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:08 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:08 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:08 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:08 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:08 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:08 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:08 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:08 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:08 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:08 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:08 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:08 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:08 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:08 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:08 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:08 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:08 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:08 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:08 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:08 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:08 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:08 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:08 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:08 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:08 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:08 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:08 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:08 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:08 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:08 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:08 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:08 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:08 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:08 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:08 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:08 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:08 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:08 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:08 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:08 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:08 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:08 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:08 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:08 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:08 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:08 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:08 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:08 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:08 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:08 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:08 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:08 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 23:20 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 23:20 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 23:20 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 23:20 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 23:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 23:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 23:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 23:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 23:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 23:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 23:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 07:58 - 2014-09-11 07:58 - 00291464 _____ () C:\Windows\Minidump\091114-16598-01.dmp
2014-09-10 22:03 - 2014-09-10 22:03 - 00291432 _____ () C:\Windows\Minidump\091014-19936-01.dmp
2014-09-10 19:06 - 2014-09-10 19:06 - 00291432 _____ () C:\Windows\Minidump\091014-20061-01.dmp
2014-09-10 17:00 - 2014-09-12 14:43 - 00000000 ____D () C:\Users\Marlon\AppData\Local\wf-launcher
2014-09-10 17:00 - 2014-09-12 13:55 - 00000000 ____D () C:\ProgramData\GFACE
2014-09-10 16:59 - 2014-09-10 16:59 - 00001910 _____ () C:\Users\Marlon\Desktop\Warface Launcher.lnk
2014-09-10 16:59 - 2014-09-10 16:59 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
2014-09-10 16:58 - 2014-09-10 16:58 - 00000000 ____D () C:\Program Files (x86)\Crytek
2014-09-10 16:56 - 2014-09-10 16:57 - 29280872 _____ () C:\Users\Marlon\Downloads\warface-launcher.exe
2014-09-09 23:09 - 2014-09-09 23:09 - 00291456 _____ () C:\Windows\Minidump\090914-18330-01.dmp
2014-09-09 20:23 - 2014-09-09 20:23 - 00290864 _____ () C:\Windows\Minidump\090914-21574-01.dmp
2014-09-09 17:40 - 2014-09-09 17:40 - 00291432 _____ () C:\Windows\Minidump\090914-21840-01.dmp
2014-09-09 07:49 - 2014-09-09 07:49 - 00290176 _____ () C:\Windows\Minidump\090914-26239-01.dmp
2014-09-05 03:08 - 2014-09-05 20:30 - 00000000 ____D () C:\ProgramData\AnexAvop
2014-09-04 19:58 - 2014-09-10 15:56 - 00001800 _____ () C:\Users\Marlon\Downloads\HO-SystemBot-Default.cfg
2014-09-04 19:54 - 2014-09-10 15:55 - 00000140 _____ () C:\Users\Marlon\Downloads\Loader.cfg
2014-09-04 19:53 - 2014-09-04 19:53 - 04918272 _____ () C:\Users\Marlon\Downloads\ET2IBS3ogx.exe
2014-09-04 19:22 - 2014-09-18 23:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-04 19:22 - 2014-09-18 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-04 19:22 - 2014-09-11 08:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 19:22 - 2014-09-04 19:22 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:22 - 2014-09-04 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 19:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 19:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-04 19:21 - 2014-09-04 19:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 18:45 - 2014-09-04 18:45 - 00000000 ____D () C:\Users\Marlon\AppData\Local\RocketTab
2014-09-04 13:16 - 2014-09-04 13:17 - 00291488 _____ () C:\Windows\Minidump\090414-22245-01.dmp
2014-09-04 13:05 - 2014-09-04 13:05 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\rightbackup
2014-09-03 21:54 - 2014-09-04 16:59 - 00001800 _____ () C:\Users\Marlon\Desktop\HO-SystemBot-Default.cfg
2014-09-03 21:50 - 2014-09-03 21:50 - 04918272 _____ () C:\Users\Marlon\Downloads\NMBn63TJRs.exe
2014-09-03 21:46 - 2014-09-03 21:46 - 07188536 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_x64.exe
2014-09-03 21:44 - 2014-09-03 21:45 - 01417568 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_arm.exe
2014-09-03 20:33 - 2014-09-19 11:48 - 00003066 _____ () C:\Windows\System32\Tasks\Right Backup_startup
2014-09-03 20:32 - 2014-09-05 20:28 - 00000000 ____D () C:\Users\Marlon\AppData\Local\5532
2014-09-03 20:32 - 2014-09-03 20:32 - 00000000 ____D () C:\rbtemp
2014-09-03 20:31 - 2014-09-05 20:28 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\VOPackage
2014-09-03 20:31 - 2014-09-05 20:28 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-03 20:31 - 2014-09-03 20:32 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-09-03 20:31 - 2014-09-03 20:31 - 00001050 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-09-03 20:31 - 2014-09-03 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-09-03 20:30 - 2014-09-05 20:01 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\System Speedup
2014-09-03 20:30 - 2014-09-05 20:00 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-09-03 20:28 - 2014-09-03 20:29 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (3).exe
2014-09-03 20:28 - 2014-09-03 20:28 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (2).exe
2014-09-03 14:46 - 2014-09-03 14:47 - 00291488 _____ () C:\Windows\Minidump\090314-20545-01.dmp
2014-09-02 23:51 - 2014-09-02 23:51 - 00291488 _____ () C:\Windows\Minidump\090214-18751-01.dmp
2014-09-02 13:29 - 2014-09-02 13:29 - 00000000 ____D () C:\Users\Marlon\Desktop\Praktikum Marlon
2014-09-01 20:56 - 2014-09-01 20:56 - 00291520 _____ () C:\Windows\Minidump\090114-25272-01.dmp
2014-09-01 01:02 - 2014-09-01 01:04 - 00000000 ____D () C:\Users\Marlon\Documents\Dawngate
2014-09-01 00:56 - 2014-09-01 01:04 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\DawngateData
2014-09-01 00:55 - 2014-09-01 01:01 - 00002158 _____ ()
C:\Users\Public\Desktop\Dawngate.lnk 2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawngate 2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-09-01 00:50 - 2014-09-01 00:51 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us.msi 2014-09-01 00:50 - 2014-09-01 00:51 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (2).msi 2014-09-01 00:50 - 2014-09-01 00:51 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (1).msi 2014-08-29 18:42 - 2014-08-29 18:42 - 00001031 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk 2014-08-29 18:42 - 2014-08-29 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops 2014-08-29 18:35 - 2014-08-29 19:22 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops 2014-08-28 15:05 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 15:05 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 15:05 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-23 10:20 - 2014-08-23 10:20 - 00288616 _____ () C:\Windows\Minidump\082314-19063-01.dmp 2014-08-22 19:52 - 2014-08-22 19:52 - 00000222 _____ () C:\Users\Marlon\Desktop\Heroes & Generals.url ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-19 11:56 - 2014-09-19 11:55 - 00018233 _____ () C:\Users\Marlon\Downloads\FRST.txt
2014-09-19 11:56 - 2014-09-19 11:55 - 00000000 ____D () C:\FRST
2014-09-19 11:55 - 2014-09-19 11:55 - 02105856 _____ (Farbar) C:\Users\Marlon\Downloads\FRST64.exe
2014-09-19 11:55 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 11:55 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 11:52 - 2014-04-12 18:01 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Skype
2014-09-19 11:52 - 2014-04-11 18:08 - 01469212 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 11:48 - 2014-09-03 20:33 - 00003066 _____ () C:\Windows\System32\Tasks\Right Backup_startup
2014-09-19 11:48 - 2014-04-20 00:13 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-19 11:47 - 2014-08-08 02:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 11:47 - 2014-07-06 15:47 - 00000274 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-09-19 11:47 - 2014-04-11 19:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-19 11:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 11:47 - 2009-07-14 06:51 - 00067590 _____ () C:\Windows\setupact.log
2014-09-19 00:39 - 2014-04-16 19:42 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\TS3Client
2014-09-19 00:28 - 2014-04-11 18:51 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA090C64-35D7-4F70-A0E2-B241302D0DD2}
2014-09-19 00:22 - 2014-06-27 16:20 - 00000000 ____D () C:\Users\Marlon\AppData\Local\DashboardDirect3dNet
2014-09-19 00:22 - 2014-04-20 00:10 - 00000000 ____D () C:\Program Files (x86)\Pirrit
2014-09-19 00:20 - 2014-08-08 02:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 00:12 - 2014-04-12 07:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 23:57 - 2014-09-18 23:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-18 23:48 - 2014-09-18 23:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Marlon\Downloads\tdsskiller.exe
2014-09-18 23:48 - 2014-07-06 15:47 - 00000280 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-09-18 23:41 - 2014-09-04 19:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-18 23:39 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-09-18 23:39 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-09-18 23:39 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 23:38 - 2014-09-18 23:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-18 23:32 - 2014-09-04 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-18 23:32 - 2014-04-11 18:12 - 00000000 ____D () C:\Users\Marlon
2014-09-18 23:17 - 2014-09-16 14:30 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-18 23:17 - 2014-09-16 12:24 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-09-18 23:17 - 2014-09-12 18:25 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-18 23:17 - 2014-07-08 14:40 - 00000000 ____D () C:\ProgramData\YTAHelper
2014-09-18 23:17 - 2014-05-30 09:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-18 23:17 - 2014-05-16 17:48 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\vlc
2014-09-18 23:17 - 2014-05-10 16:51 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-18 23:17 - 2014-05-09 17:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 23:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-18 23:16 - 2014-09-16 14:30 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Glyph
2014-09-18 23:16 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\AppData\Local\BewerbungsMaster
2014-09-18 23:16 - 2014-09-16 11:32 - 00000000 ____D () C:\Users\Marlon\Documents\Notes
2014-09-18 23:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-18 22:56 - 2014-09-16 23:23 - 00000000 ____D () C:\Users\Marlon\Documents\ArcheAge
2014-09-17 18:00 - 2014-05-10 16:51 - 00000000 ____D () C:\Users\Marlon\AppData\Local\PMB Files
2014-09-16 23:28 - 2014-05-09 17:23 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-09-16 23:23 - 2014-09-16 23:23 - 00000000 ____D () C:\ArcheAge
2014-09-16 15:07 - 2014-09-16 15:07 - 00000000 ____D () C:\ProgramData\CanonBJ
2014-09-16 12:37 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\Documents\BewerbungsMaster
2014-09-16 12:36 - 2014-09-16 11:33 - 00001149 _____ () C:\Users\Marlon\Desktop\Neues Textdokument.txt
2014-09-16 12:24 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-09-16 11:32 - 2014-09-16 11:32 - 00004544 _____ () C:\Users\Marlon\Desktop\Neues Journal-Dokument.jnt
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\StunlockStudios
2014-09-13 20:34 - 2014-09-13 20:34 - 00000000 ____D () C:\Users\Marlon\AppData\Local\SCE
2014-09-13 18:24 - 2014-09-13 18:24 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Red 5 Studios
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Users\Marlon\Documents\Firefall
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-12 18:33 - 2014-09-12 18:30 - 00000000 ____D () C:\Users\Marlon\Documents\Strife
2014-09-12 18:30 - 2014-09-12 18:30 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-12 18:20 - 2014-09-12 18:06 - 1778312128 _____ () C:\Users\Marlon\Downloads\StrifeWindows-0.4.0.2.exe
2014-09-12 16:50 - 2014-09-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-12 16:33 - 2014-04-12 06:32 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Awesomium
2014-09-12 15:16 - 2014-05-24 13:56 - 00000000 ____D () C:\Users\Marlon\AppData\Local\NexonLauncher
2014-09-12 14:43 - 2014-09-10 17:00 - 00000000 ____D () C:\Users\Marlon\AppData\Local\wf-launcher
2014-09-12 13:55 - 2014-09-10 17:00 - 00000000 ____D () C:\ProgramData\GFACE
2014-09-12 03:07 - 2014-04-11 20:11 - 01591896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:06 - 2014-04-11 18:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:02 - 2014-04-11 18:58 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:01 - 2014-05-08 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 08:19 - 2014-09-04 19:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 07:58 - 2014-09-11 07:58 - 00291464 _____ () C:\Windows\Minidump\091114-16598-01.dmp
2014-09-11 07:58 - 2014-04-26 12:09 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 07:58 - 2014-04-26 12:08 - 370797455 _____ () C:\Windows\MEMORY.DMP
2014-09-10 22:03 - 2014-09-10 22:03 - 00291432 _____ () C:\Windows\Minidump\091014-19936-01.dmp
2014-09-10 19:06 - 2014-09-10 19:06 - 00291432 _____ () C:\Windows\Minidump\091014-20061-01.dmp
2014-09-10 16:59 - 2014-09-10 16:59 - 00001910 _____ () C:\Users\Marlon\Desktop\Warface Launcher.lnk
2014-09-10 16:59 - 2014-09-10 16:59 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
2014-09-10 16:58 - 2014-09-10 16:58 - 00000000 ____D () C:\Program Files (x86)\Crytek
2014-09-10 16:57 - 2014-09-10 16:56 - 29280872 _____ () C:\Users\Marlon\Downloads\warface-launcher.exe
2014-09-10 15:56 - 2014-09-04 19:58 - 00001800 _____ () C:\Users\Marlon\Downloads\HO-SystemBot-Default.cfg
2014-09-10 15:55 - 2014-09-04 19:54 - 00000140 _____ () C:\Users\Marlon\Downloads\Loader.cfg
2014-09-10 13:12 - 2014-04-12 07:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 13:12 - 2014-04-12 07:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 13:12 - 2014-04-12 07:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:09 - 2014-09-09 23:09 - 00291456 _____ () C:\Windows\Minidump\090914-18330-01.dmp
2014-09-09 20:23 - 2014-09-09 20:23 - 00290864 _____ () C:\Windows\Minidump\090914-21574-01.dmp
2014-09-09 17:40 - 2014-09-09 17:40 - 00291432 _____ () C:\Windows\Minidump\090914-21840-01.dmp
2014-09-09 17:40 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-09 07:49 - 2014-09-09 07:49 - 00290176 _____ () C:\Windows\Minidump\090914-26239-01.dmp
2014-09-07 12:28 - 2010-11-21 05:47 - 00451622 _____ () C:\Windows\PFRO.log
2014-09-05 20:30 - 2014-09-05 03:08 - 00000000 ____D () C:\ProgramData\AnexAvop
2014-09-05 20:29 - 2014-04-19 23:35 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Systweak
2014-09-05 20:28 - 2014-09-03 20:32 - 00000000 ____D () C:\Users\Marlon\AppData\Local\5532
2014-09-05 20:28 - 2014-09-03 20:31 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\VOPackage
2014-09-05 20:28 - 2014-09-03 20:31 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-05 20:28 - 2014-08-11 00:02 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-05 20:28 - 2014-07-08 14:39 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-05 20:28 - 2014-07-06 15:54 - 00000000 ____D () C:\Program Files (x86)\iRobinHood
2014-09-05 20:01 - 2014-09-03 20:30 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\System Speedup
2014-09-05 20:00 - 2014-09-03 20:30 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-09-05 04:10 - 2014-09-11 23:20 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 23:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-05 02:04 - 2014-08-11 00:03 - 00000000 ____D () C:\ProgramData\ygpDOMp
2014-09-04 19:53 - 2014-09-04 19:53 - 04918272 _____ () C:\Users\Marlon\Downloads\ET2IBS3ogx.exe
2014-09-04 19:28 - 2014-07-08 15:30 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-09-04 19:28 - 2014-07-06 15:53 - 00000000 ____D () C:\Program Files (x86)\SoftwareUpdater
2014-09-04 19:28 - 2014-06-15 09:26 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\sweet-page
2014-09-04 19:28 - 2014-04-19 17:28 - 00000000 ____D () C:\ProgramData\WPM
2014-09-04 19:22 - 2014-09-04 19:22 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:22 - 2014-09-04 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:21 - 2014-09-04 19:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 18:45 - 2014-09-04 18:45 - 00000000 ____D () C:\Users\Marlon\AppData\Local\RocketTab
2014-09-04 16:59 - 2014-09-03 21:54 - 00001800 _____ () C:\Users\Marlon\Desktop\HO-SystemBot-Default.cfg
2014-09-04 13:17 - 2014-09-04 13:16 - 00291488 _____ () C:\Windows\Minidump\090414-22245-01.dmp
2014-09-04 13:05 - 2014-09-04 13:05 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\rightbackup
2014-09-03 21:50 - 2014-09-03 21:50 - 04918272 _____ () C:\Users\Marlon\Downloads\NMBn63TJRs.exe
2014-09-03 21:46 - 2014-09-03 21:46 - 07188536 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_x64.exe
2014-09-03 21:45 - 2014-09-03 21:44 - 01417568 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_arm.exe
2014-09-03 20:32 - 2014-09-03 20:32 - 00000000 ____D () C:\rbtemp
2014-09-03 20:32 - 2014-09-03 20:31 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-09-03 20:31 - 2014-09-03 20:31 - 00001050 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-09-03 20:31 - 2014-09-03 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-09-03 20:29 - 2014-09-03 20:28 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (3).exe
2014-09-03 20:28 - 2014-09-03 20:28 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (2).exe
2014-09-03 14:47 - 2014-09-03 14:46 - 00291488 _____ () C:\Windows\Minidump\090314-20545-01.dmp
2014-09-02 23:51 - 2014-09-02 23:51 - 00291488 _____ () C:\Windows\Minidump\090214-18751-01.dmp
2014-09-02 13:29 - 2014-09-02 13:29 - 00000000 ____D () C:\Users\Marlon\Desktop\Praktikum Marlon
2014-09-01 20:56 - 2014-09-01 20:56 - 00291520 _____ () C:\Windows\Minidump\090114-25272-01.dmp
2014-09-01 01:04 - 2014-09-01 01:02 - 00000000 ____D () C:\Users\Marlon\Documents\Dawngate
2014-09-01 01:04 - 2014-09-01 00:56 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\DawngateData
2014-09-01 01:01 - 2014-09-01 00:55 - 00002158 _____ () C:\Users\Public\Desktop\Dawngate.lnk
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawngate
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-01 00:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-01 00:51 - 2014-09-01 00:50 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us.msi
2014-09-01 00:51 - 2014-09-01 00:50 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (2).msi
2014-09-01 00:51 - 2014-09-01 00:50 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (1).msi
2014-08-31 03:51 - 2014-06-14 08:34 - 00000000 ____D () C:\Users\Marlon\AppData\Local\QQSM
2014-08-29 19:22 - 2014-08-29 18:35 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-08-29 18:42 - 2014-08-29 18:42 - 00001031 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-08-29 18:42 - 2014-08-29 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-08-29 00:39 - 2009-07-14 06:45 - 00268536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 16:00 - 2014-05-17 19:38 - 00000000 ____D () C:\Users\Marlon\Documents\My Games
2014-08-28 16:00 - 2014-04-11 19:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-28 15:56 - 2014-04-25 17:14 - 00116083 _____ () C:\Windows\DirectX.log
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 10:20 - 2014-08-23 10:20 - 00288616 _____ () C:\Windows\Minidump\082314-19063-01.dmp
2014-08-23 04:07 - 2014-08-28 15:05 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 15:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 15:05 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 19:52 - 2014-08-22 19:52 - 00000222 _____ () C:\Users\Marlon\Desktop\Heroes & Generals.url
2014-08-22 19:52 - 2014-05-30 10:18 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

Some content of TEMP:
====================
C:\Users\Marlon\AppData\Local\Temp\25cc40ac237f9326beca4170b7056e46.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 06:25

==================== End Of Log ============================
[/CODE]
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Marlon at 2014-09-19 11:56:45
Running from C:\Users\Marlon\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1 Media Converter version 1.0.0 (HKLM-x32\...\{29A9E262-AC6E-4B40-816F-2C4AC55549F8}_is1) (Version: 1.0.0 - OneFloor App,Inc)
1 Media Player version 2.2.0 (HKLM-x32\...\{6C566E3B-CBFB-4A3C-A8B6-88EA54DE7CA8}_is1) (Version: 2.2.0 - OneFloorApp Ltd.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version: - Stunlock Studios)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version: - WEBZEN)
C9 (HKLM-x32\...\Steam App 212390) (Version: - Cloud 9 Studio)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Dawngate (HKLM-x32\...\{9E238DAC-8A8B-46C4-B2D0-FD9903514095}) (Version: 187.42.53.0 - Electronic Arts, Inc.)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - )
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.3 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.3 - Gameforge)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version: - GamersFirst)
Genymotion version 2.2.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.2.2 - Genymobile)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.0.5.3 - Infernum Productions AG)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Java Packages (HKCU\...\Java Packages) (Version: - ) <==== ATTENTION
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Panzar (HKLM-x32\...\{4FF82163-423A-43CE-898D-3B60D19A5E8F}_is1) (Version: 1.0 - Panzar)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.1.3.32950 - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Prime World version 9.14.0 (HKLM-x32\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.14.0 - Nival)
RIFT (HKCU\...\RIFT) (Version: - Trion Worlds, Inc.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version: - )
SavingsAurora (HKCU\...\gxxqa) (Version: - ) <==== ATTENTION
Security Guard (HKLM-x32\...\Security Guard) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.9 - Uniblue Systems Limited) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
uPlayer (HKLM-x32\...\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}) (Version: 1.0.0 - Full Spectrum Interactive)
VideoLAN VLC media player 0.8.2 (HKLM-x32\...\VLC media player) (Version: 0.8.2 - VideoLAN Team)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Warframe (HKLM-x32\...\{CD733352-5102-4212-8561-6A0CDF496DE7}) (Version: 1.0.0 - Digital Extremes)
WEBZEN Browser Extension (HKLM-x32\...\{95723791-2C44-454B-9220-C65D47D70E9C}) (Version: 1.12.010 - WEBZEN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WolfTeam-DE (HKLM-x32\...\WolfTeam-DE) (Version: - )
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_88) - Goobzo Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

12-09-2014 14:49:17 Installed Microsoft XNA Framework Redistributable 3.1
12-09-2014 16:27:58 DirectX wurde installiert
16-09-2014 18:03:15 Windows Update
16-09-2014 21:41:23 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
16-09-2014 21:42:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
18-09-2014 20:49:07 Wiederherstellungsvorgang
18-09-2014 21:08:57 Windows Update
18-09-2014 21:10:09 Wiederherstellungsvorgang
18-09-2014 21:38:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-04-20 00:10 - 00008909 ____A C:\Windows\system32\Drivers\etc\hosts 216.239.32.20 google.com 216.239.32.20 google.com www.google.ad 216.239.32.20 google.com www.google.ae 216.239.32.20 google.com www.google.com.af 216.239.32.20 google.com www.google.com.ag 216.239.32.20 google.com www.google.com.ai 216.239.32.20 google.com www.google.al 216.239.32.20 google.com www.google.am 216.239.32.20 google.com www.google.co.ao 216.239.32.20 google.com www.google.com.ar 216.239.32.20 google.com www.google.as 216.239.32.20 google.com www.google.at 216.239.32.20 google.com www.google.com.au 216.239.32.20 google.com www.google.az 216.239.32.20 google.com www.google.ba 216.239.32.20 google.com www.google.com.bd 216.239.32.20 google.com www.google.be 216.239.32.20 google.com www.google.bf 216.239.32.20 google.com www.google.bg 216.239.32.20 google.com www.google.com.bh 216.239.32.20 google.com www.google.bi 216.239.32.20 google.com www.google.bj 216.239.32.20 google.com www.google.com.bn 216.239.32.20 google.com www.google.com.bo 216.239.32.20 google.com www.google.com.br 216.239.32.20 google.com www.google.bs 216.239.32.20 google.com www.google.bt 216.239.32.20 google.com www.google.co.bw 216.239.32.20 google.com www.google.by There are 162 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0A9E4713-889E-4B46-BDD9-55E0AD5ED5AF} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: {0B546462-2BBD-4265-A7E3-33803F49CF39} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe [2014-06-15] (Goobzo LTD) <==== ATTENTION Task: {31303B7D-797C-4E2A-A89D-51FA8E82935C} - \SPBIW_UpdateTask_Time_333339363935303830352d3237575a236c6c3255342a41 No Task File <==== ATTENTION Task: {38AE9A86-5972-4AE4-A6CF-61988342550E} - \SPDriver No Task File <==== ATTENTION Task: {3F65660C-D125-476E-954B-C320ECC14B6B} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION Task: {404450E9-CDC2-4E96-8143-A3344F60328E} - \ShopperProJSUpd No Task File <==== ATTENTION Task: {43981BD6-65CE-42C1-A15C-F93BC5559B13} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-06-18] (Uniblue Systems Limited) <==== ATTENTION Task: {46296773-145C-492A-AE10-CDFEDE4DA865} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) Task: {4872C38A-58A1-4F3A-ACF2-43172FE33EAD} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION Task: {49610218-A0B8-46DA-9999-71E04F16B5F9} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\ZooToolbar\WPackageUpdate.exe Task: {5336C78F-4F3D-46A1-8ED1-F4F438B97BC5} - System32\Tasks\YTAUpdate_logon => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2014-07-08] (Goobzo) <==== ATTENTION Task: {620CE989-A4B1-435B-82B8-44583E8C383B} - \RocketTab Update Task No Task File <==== ATTENTION Task: {69D8798B-EFBF-4863-BA85-5654F35D6D59} - \RocketTab No Task File <==== ATTENTION Task: {6A6EE148-CC94-490F-A56E-973DE2E28A9E} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\ZooToolbar\WConnectorDirect.exe <==== ATTENTION Task: 
{6B1B3635-B859-46DE-89E3-6A67B1058E5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.) Task: {8BA398A9-032E-48A0-B55B-C35CE9EC9D79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.) Task: {9E2CC040-5571-486E-AC65-BE09F48EA35E} - System32\Tasks\UNELEVATE_12599 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe <==== ATTENTION Task: {AC52E715-BFD7-43F4-A524-E858ADEC6C88} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software) Task: {B2E7D4B8-212C-461B-8EC1-7ED16FF3A4CA} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\ZooToolbar\WSystemKeeper.exe Task: {C62FE617-50D9-45C8-9980-FD198EC9B53C} - System32\Tasks\YTAUpdate => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2014-07-08] (Goobzo) <==== ATTENTION Task: {DFED1601-5173-4012-B777-5BE35F28FA34} - \ShopperPro No Task File <==== ATTENTION Task: {E3E0841C-E2E4-4105-83C1-D5FABF919329} - \Advanced System Protector_startup No Task File <==== ATTENTION Task: {FE496842-3510-4725-929F-133FFFA7CCAF} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-11] (Systweak) Task: {FF8DE74B-2DAD-4271-84B6-60EDA6BE267A} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-06-18] (Uniblue Systems Limited) <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files 
(x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-04-11 19:36 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-05-02 21:41 - 2014-05-09 17:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2014-09-03 20:31 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll 2014-07-06 15:47 - 2013-06-06 10:43 - 26034688 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\libcef.dll 2014-07-06 15:47 - 2014-06-18 11:28 - 00452720 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\x86\Trackerbird.py.clr4.dll 2014-08-08 02:16 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-08-08 02:16 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-08-08 02:16 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-08-08 02:16 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-08-08 02:16 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07941175.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07941175.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: BlockAndSurf => 2 MSCONFIG\Services: IePluginService => 2 MSCONFIG\Services: KeyIso => 3 MSCONFIG\Services: KtmRm => 3 MSCONFIG\Services: LPTSystemUpdater => 2 MSCONFIG\Services: McComponentHostService => 3 MSCONFIG\Services: PirritDesktop => 2 MSCONFIG\Services: PirritUpdater => 2 MSCONFIG\Services: Update PlurPush => 2 MSCONFIG\Services: Util PlurPush => 2 MSCONFIG\Services: Wpm => 2 ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/19/2014 11:51:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x41c Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (09/19/2014 11:49:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 00:25:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xaa8 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (09/19/2014 00:24:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 11:57:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften 
Prozesses: 0xa5c Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (09/18/2014 11:36:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x1340 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (09/18/2014 11:33:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 11:33:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363 Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007da8a ID des fehlerhaften Prozesses: 0xa30 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Error: (09/18/2014 11:33:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.0.2.0, Zeitstempel: 0x5339cec3 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x8a0 Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0 Pfad der fehlerhaften Anwendung: mbamscheduler.exe1 Pfad des 
fehlerhaften Moduls: mbamscheduler.exe2 Berichtskennung: mbamscheduler.exe3 Error: (09/18/2014 11:07:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xd70 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 System errors: ============= Error: (09/19/2014 11:48:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Browser System Enahncer erreicht. Error: (09/19/2014 11:47:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/19/2014 11:47:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Extensible Authentication-Protokoll" ist vom Dienst "CNG-Schlüsselisolation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/19/2014 00:23:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Browser System Enahncer erreicht. 
Error: (09/19/2014 00:22:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/19/2014 00:22:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Extensible Authentication-Protokoll" ist vom Dienst "CNG-Schlüsselisolation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/18/2014 11:34:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/18/2014 11:34:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DashboardDirect3dNet.exe" wurde nicht richtig gestartet. Error: (09/18/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/18/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht. 
Microsoft Office Sessions: ========================= Error: (09/19/2014 11:51:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd41c01cfd3ef3fc8dab0C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll7f53ab10-3fe2-11e4-9a0a-20cf30cd27b6 Error: (09/19/2014 11:49:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 00:25:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaa801cfd38f64ec6600C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlla5dc44a0-3f82-11e4-9b9e-20cf30cd27b6 Error: (09/19/2014 00:24:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 11:57:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fda5c01cfd38b949344e0C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlld305ee80-3f7e-11e4-9446-eedd2dc3729c Error: (09/18/2014 11:36:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd134001cfd38890156540C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllce7e4ae0-3f7b-11e4-9446-20cf30cd27b6 Error: (09/18/2014 11:33:54 PM) (Source: WinMgmt) 
(EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 11:33:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8aa3001cfd388235c3460C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe6a755070-3f7b-11e4-9446-20cf30cd27b6 Error: (09/18/2014 11:33:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd8a001cfd38819647260C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll606ba480-3f7b-11e4-9446-20cf30cd27b6 Error: (09/18/2014 11:07:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd7001cfd3848d1f8a40C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllcae6b1a0-3f77-11e4-a390-eedd2dc3729c ==================== Memory info =========================== Processor: AMD Athlon(tm) II X4 645 Processor Percentage of memory in use: 59% Total physical RAM: 3327.23 MB Available physical RAM: 1352.38 MB Total Pagefile: 6652.63 MB Available Pagefile: 4466.29 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:488.28 GB) (Free:113.05 GB) NTFS Drive d: () (Fixed) (Total:97.66 GB) (Free:91.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D3270B59) Partition 1: (Active) - (Size=345.6 
GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================
I can no longer open my anti-malware program (Malwarebytes Anti-Malware); it keeps getting blocked. Is there another way to post the scan log? |
19.09.2014, 11:42 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System restore virus/trojan on my PC / performance problems & loss of performance Yep... please post the logs that you find under C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs. !!As an exception!! you may zip the Logs folder in C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\ and attach it here.
__________________ Please always post log files in CODE tags |
19.09.2014, 11:48 | #5 |
| System restore virus/trojan on my PC / performance problems & loss of performance OK, thank you very much, here is the ZIP file. |
19.09.2014, 13:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System restore virus/trojan on my PC / performance problems & loss of performance Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!) Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
19.09.2014, 13:58 | #7 |
| System restore virus/trojan on my PC / performance problems & loss of performance AdwCleaner Logfile: Code:
# AdwCleaner v3.310 - Bericht erstellt am 19/09/2014 um 14:23:44 # Aktualisiert 12/09/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : Marlon - MARLON-PC # Gestartet von : C:\Users\Marlon\Downloads\AdwCleaner_3.310 (1).exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : 671c50b0 Dienst Gelöscht : RBClientService [#] Dienst Gelöscht : RegFltrX64 Dienst Gelöscht : YouTubeAcceleratorService ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Meteoroids Ordner Gelöscht : C:\ProgramData\Registry Helper Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\ProgramData\YTAHelper Ordner Gelöscht : C:\ProgramData\Fun2Save Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator Ordner Gelöscht : C:\Program Files (x86)\Bench Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\Program Files (x86)\iRobinHood Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer Ordner Gelöscht : C:\Program Files (x86)\Pirrit Ordner Gelöscht : C:\Program Files (x86)\Right Backup Ordner Gelöscht : C:\Program Files (x86)\SiteLookup Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater Ordner Gelöscht : C:\Program Files (x86)\Uniblue Ordner Gelöscht : C:\Program Files (x86)\YouTube Accelerator Ordner Gelöscht : C:\Program Files (x86)\YTAHelper Ordner Gelöscht : C:\Program Files (x86)\Fun2Save Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch Ordner Gelöscht : C:\Users\Marlon\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Marlon\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Marlon\AppData\Local\RocketTab Ordner Gelöscht :
C:\Users\Marlon\AppData\Local\torch Ordner Gelöscht : C:\Users\Marlon\AppData\Local\webplayer Ordner Gelöscht : C:\Users\Marlon\AppData\Local\WinRST Ordner Gelöscht : C:\Users\Marlon\AppData\LocalLow\Goobzo Ordner Gelöscht : C:\Users\Marlon\AppData\LocalLow\Sense Ordner Gelöscht : C:\Users\Marlon\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\0V1L2Z2Z1T1I1L1T Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\InetStat Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\Pirrit Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\rightbackup Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\sweet-page Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\System Speedup Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\Uniblue Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\v9 Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\VOPackage Ordner Gelöscht : C:\Users\Marlon\Documents\Mobogenie Ordner Gelöscht : C:\Users\Marlon\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Marlon\Documents\PC Speed Maximizer Ordner Gelöscht : C:\Users\Public\Documents\Goobzo Ordner Gelöscht : C:\Users\Public\Documents\ShopperPro Ordner Gelöscht : C:\Users\Public\Documents\YTAHelper Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E} Ordner Gelöscht : C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\rvanh8.gusu@hpilhjvye-.edu Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejpbhnedhggkbgkffmebgofpnaicjkb Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejpbhnedhggkbgkffmebgofpnaicjkb Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejpbhnedhggkbgkffmebgofpnaicjkb [!] 
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejpbhnedhggkbgkffmebgofpnaicjkb [!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejpbhnedhggkbgkffmebgofpnaicjkb [!] Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejpbhnedhggkbgkffmebgofpnaicjkb [!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejpbhnedhggkbgkffmebgofpnaicjkb [!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejpbhnedhggkbgkffmebgofpnaicjkb [!] Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejpbhnedhggkbgkffmebgofpnaicjkb Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Public\Desktop\Right Backup.lnk Datei Gelöscht : C:\Users\Public\Desktop\speedupmypc.lnk Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Marlon\daemonprocess.txt Datei Gelöscht : C:\Users\Marlon\AppData\Local\AnyProtectScannerSetup.exe Datei Gelöscht : C:\Users\Marlon\AppData\Roaming\aps.uninstall.scan.results Datei Gelöscht : C:\Users\Marlon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk Datei Gelöscht : C:\Users\Marlon\Desktop\YouTube Accelerator.lnk Datei Gelöscht : C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\invalidprefs.js Datei Gelöscht : C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\user.js Datei Gelöscht : C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage Datei Gelöscht : C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\hxxp_www.azlyrics.com_0.localstorage-journal Datei Gelöscht : C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : Advanced System Protector_startup Task Gelöscht : Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 Task Gelöscht : Optimizer Pro Schedule Task Gelöscht : Right Backup_startup Task Gelöscht : RocketTab Update Task Task Gelöscht : RocketTab Task Gelöscht : ShopperPro Task Gelöscht : ShopperProJSUpd Task Gelöscht : SPDriver Task Gelöscht : SpeedUpMyPC Maintenance Task Gelöscht : SpeedUpMyPC Startup Task Gelöscht : System Speedup Task Gelöscht : YTAHelper Task Gelöscht : YTAUpdate_logon ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Weather\Uninstall.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS Schlüssel 
Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} Schlüssel Gelöscht : HKCU\Software\Fabulous Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\Goobzo Schlüssel Gelöscht : HKCU\Software\InetStat Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\ShopperPro Schlüssel Gelöscht : HKCU\Software\simplytech Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\System Speedup Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\Tutorials Schlüssel Gelöscht : HKCU\Software\Vittalia Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Sense Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Schlüssel Gelöscht : HKLM\SOFTWARE\AdvertisingSupport Schlüssel Gelöscht : HKLM\SOFTWARE\Bench Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\Goobzo Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel Gelöscht : HKLM\SOFTWARE\Pirrit Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper Schlüssel Gelöscht : HKLM\SOFTWARE\Sense Schlüssel Gelöscht : HKLM\SOFTWARE\ShopperPro Schlüssel Gelöscht : HKLM\SOFTWARE\System Speedup Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\TBID Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Upt Schlüssel Gelöscht : HKLM\SOFTWARE\V9Software Schlüssel Gelöscht : HKLM\SOFTWARE\Vittalia Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions 
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Pirrit Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\TBID Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Upt Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\prefs.js ] Zeile gelöscht : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}"); Zeile gelöscht : user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] Zeile gelöscht : user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A183015%2C%22ver%22%3A2%2[...] Zeile gelöscht : user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_resource_646958.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%[...] Zeile gelöscht : user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] Zeile gelöscht : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...] 
Zeile gelöscht : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] Zeile gelöscht : user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...] Zeile gelöscht : user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...] Zeile gelöscht : user_pref("extensions.helperbar.BackPageActive", true); Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true); Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3); Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 1); Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 25); Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1398435826257"); Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15); Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "134622"); Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de"); Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "ry_7302_ch"); Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/i.linkuryjs.info\\\\\\/kury\\\\\\[...] 
Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false"); Zeile gelöscht : user_pref("extensions.helperbar.installationid", "e6a73590-8e90-ca86-8cc2-bab53ade39eb"); Zeile gelöscht : user_pref("extensions.helperbar.installdate", "19/04/2014"); Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1397943326"); Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1398507222297"); Zeile gelöscht : user_pref("extensions.helperbar.publisher", "shoppinghelper"); Zeile gelöscht : user_pref("extensions.iminent.admin", false); Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl"); Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}"); Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.iminent.dfltLng", ""); Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false); Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false); Zeile gelöscht : user_pref("extensions.iminent.id", "500cdd2100000000000020cf30cd27b6"); Zeile gelöscht : user_pref("extensions.iminent.instlDay", "16235"); Zeile gelöscht : user_pref("extensions.iminent.instlRef", ""); Zeile gelöscht : user_pref("extensions.iminent.newTab", false); Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent"); Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent"); Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false"); Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO"); Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q="); Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.28.3"); Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.28.38:37:33"); Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.28.3"); Zeile gelöscht : user_pref("extensions.srlb.scode", 
"(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...] Zeile gelöscht : user_pref("iminent.LayoutId", "1"); Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0"); Zeile gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}"); Zeile gelöscht : user_pref("iminent.adapters", "{\"www.brazzers.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"1407[...] Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"queryStri[...] Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrPCs8KzwrjCucKzwrnCtcK5\",\"raw_pkgid\":\"222982848\"}"); Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ALERT_MESSAGES\":1,\"Analytics_code\":\"\",\"APPROVE_STRIP_COLOR\":\"4BBA42 \",\"CHARITY_URL\":\"hxxp://iminent.donation-tools.org[...] 
Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrPCs8KzwrjCucKzwrnCtcK5"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1407887177402"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent109", "1407456037297"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent111", "1407456036403"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent112", "1407456045484"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent122", "1407456037955"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent140", "1407981657993"); Zeile gelöscht : user_pref("iminent.trackExternalScripts2", "1407455452751"); Zeile gelöscht : user_pref("iminent.trackExternalScripts3", "1407455502233"); Zeile gelöscht : user_pref("iminent.trackExternalScripts6", "1407455503169"); Zeile gelöscht : user_pref("iminent.trackExternalScripts7", "1407455452809"); Zeile gelöscht : user_pref("iminent.trackExternalScripts8", "1407455452868"); Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}"); Zeile gelöscht : user_pref("iminent.version", "8.33.3.1"); Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.33.3.1\",\"InstallEventCTime\":1408125309607}"); Zeile gelöscht : user_pref("wtb25364.homepage", "hxxp://isearch.zoo.com/ofaz2/search/home?sid=79170&tid=25364&bd=1404597600000.000000&ver=6.5&guid=79170-25364-1404654408381-14BD8373FB67AA653EDC7A934433DA27"); Zeile gelöscht : user_pref("wtb25364.newtab", "hxxp://isearch.zoo.com/ofaz2/search/home?sid=79170&tid=25364&bd=1404597600000.000000&ver=6.5&guid=79170-25364-1404654408381-14BD8373FB67AA653EDC7A934433DA27"); Zeile gelöscht : user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_partn_time_isearch.zoo.com", "not set"); Zeile gelöscht : user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_whiteListSearch", 
"{\"isearch.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"se[...] -\\ Google Chrome v36.0.1985.125 [ Datei : C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=58&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&q={searchTerms}&SSPV= Gelöscht [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV= Gelöscht [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV= Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb Gelöscht [Extension] : iidmoehhpbghchkaogkhmcckhlhebekn ************************* AdwCleaner[R0].txt - [292 octets] - [19/09/2014 14:17:54] AdwCleaner[R1].txt - [29565 octets] - [19/09/2014 14:20:51] AdwCleaner[S0].txt - [28151 octets] - [19/09/2014 14:23:44] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28212 octets] ########## [/CODE] JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.7 (09.18.2014:2)
OS: Windows 7 Ultimate x64
Ran by Marlon on 19.09.2014 at 14:31:14,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilPlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilPlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilPlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilPlurPush_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Marlon\AppData\Roaming\mozilla\firefox\profiles\yqbllmp7.default\extensions\toolbar@web.de
Emptied folder: C:\Users\Marlon\AppData\Roaming\mozilla\firefox\profiles\yqbllmp7.default\minidumps [56 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2014 at 14:50:53,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[/CODE]
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by Marlon (administrator) on MARLON-PC on 19-09-2014 14:53:08 Running from C:\Users\Marlon\Downloads Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4867544 2014-09-19] (Emsisoft GmbH) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\Policies\Explorer: [Run] "C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe" HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\MountPoints2: {1d636f89-c193-11e3-b5e5-806e6f6e6963} - E:\WARLauncher.exe Startup: C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntkrnlpa.lnk ShortcutTarget: ntkrnlpa.lnk -> C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe (No File) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: http=127.0.0.1:37214 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKCU - {C853684C-4033-4337-B7C7-A2E882CBA5DB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10959 BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {13F7E48A-AF65-4480-BD2A-CDF5B0929521} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default FF DefaultSearchEngine: Zoo Search FF SearchEngineOrder.3: Bing FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @Webzen.com/NPBrowserExt -> C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Site Matcher - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\sitematcher_srcs@sitematcher_srcs.com [2014-07-22] FF Extension: Zoo Toolbar - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{6e6e7f45-c4ea-4a0d-b25f-42ff7e3fd96c} [2014-08-01] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-07-09] FF Extension: MEGA - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\firefox@mega.co.nz.xpi [2014-04-19] FF Extension: Adblock Plus - 
C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-09] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{bd199e27-5053-4798-be04-8686f2b93a72}] - C:\Program Files (x86)\Security Guard\securityguard.xpi FF Extension: No Name - C:\Program Files (x86)\Security Guard\securityguard.xpi [2014-06-20] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-05-04] FF Extension: No Name - C:\Program Files\V-bates\Firefox [Not Found] FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\toolbar@web.de [Not Found] FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E} [Not Found] FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\firefoxmini@go.im.xpi [Not Found] FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com [Not Found] FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\c1b9d306-75ba-4390-8a8b-76b504015572@gmail.com [Not Found] FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [Not Found] FF Extension: No Name - 
C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com [Not Found] FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV= CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV=" CHR DefaultSearchKeyword: Default -> trovi.search CHR DefaultSearchProvider: Default -> Trovi search CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=58&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&q={searchTerms}&SSPV= CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms} CHR Profile: C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-08] CHR Extension: (Google Drive) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-08] CHR Extension: (YouTube) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-08] CHR Extension: (Google-Suche) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-08] CHR Extension: (Tampermonkey) - C:\Users\Marlon\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-08-11] CHR Extension: (HTTPS Everywhere) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-08-11] CHR Extension: (AdBlock) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-11] CHR Extension: (PHD-V1.4) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2014-08-11] CHR Extension: (Google Wallet) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-08] CHR Extension: (ScriptSafe) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-08-11] CHR Extension: (Google Mail) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-08] CHR HKLM-x32\...\Chrome\Extension: [onljdobepbepmeogglgcegfflcmibdpk] - C:\Program Files (x86)\Security Guard\securityguard.crx [2014-06-20] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-19] (Emsisoft GmbH)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-20] (Perfect World Entertainment Inc)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-09] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 wolfkr; C:\AeriaGames\WolfTeam-DE\avital\wolfk64.sys [86352 2014-04-20] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 14:50 - 2014-09-19 14:50 - 00002295 _____ () C:\Users\Marlon\Desktop\JRT.txt
2014-09-19 14:31 - 2014-09-19 14:31 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 14:30 - 2014-09-19 14:30 - 01019328 _____ (Thisisu) C:\Users\Marlon\Downloads\JRT.exe
2014-09-19 14:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-19 14:17 - 2014-09-19 14:24 - 00000000 ____D () C:\AdwCleaner
2014-09-19 14:16 - 2014-09-19 14:16 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-19 14:12 - 2014-09-19 14:13 - 01373475 _____ () C:\Users\Marlon\Downloads\AdwCleaner_3.310 (1).exe
2014-09-19 14:12 - 2014-09-19 14:12 - 01373475 _____ () C:\Users\Marlon\Downloads\AdwCleaner_3.310.exe
2014-09-19 14:04 - 2014-09-19 14:04 - 00087884 _____ () C:\Users\Marlon\Downloads\Logs (1).zip
2014-09-19 13:49 - 2014-09-19 13:49 - 00087884 _____ () C:\Users\Marlon\Downloads\Logs.zip
2014-09-19 13:39 - 2014-09-19 13:39 - 00291400 _____ () C:\Windows\Minidump\091914-20092-01.dmp
2014-09-19 13:36 - 2014-09-19 13:36 - 00087884 _____ () C:\Users\Marlon\Downloads\D80D.tmp
2014-09-19 12:30 - 2014-09-19 12:30 - 00001091 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-19 12:30 - 2014-09-19 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-19 12:29 - 2014-09-19 14:27 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-19 12:21 - 2014-09-19 12:27 - 163670496 _____ (Emsisoft GmbH ) C:\Users\Marlon\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-19 12:18 - 2014-09-19 12:18 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-19 12:17 - 2014-09-19 12:17 - 31912560 _____ (Trion Worlds Inc.) C:\Users\Marlon\Downloads\GlyphInstall.exe
2014-09-19 12:12 - 2014-09-19 12:18 - 00000997 _____ () C:\Users\Marlon\Desktop\Glyph.lnk
2014-09-19 12:12 - 2014-09-19 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-09-19 12:12 - 2014-09-19 12:12 - 00000000 ____D () C:\ProgramData\Glyph
2014-09-19 12:10 - 2014-09-19 12:11 - 31912560 _____ (Trion Worlds Inc.) C:\Users\Marlon\Downloads\GlyphInstall-0-120.exe
2014-09-19 12:00 - 2014-09-19 12:00 - 00000000 _____ () C:\Users\Marlon\Desktop\Neues Textdokument (3).txt
2014-09-19 11:56 - 2014-09-19 12:23 - 00031468 _____ () C:\Users\Marlon\Downloads\Addition.txt
2014-09-19 11:55 - 2014-09-19 14:53 - 00016441 _____ () C:\Users\Marlon\Downloads\FRST.txt
2014-09-19 11:55 - 2014-09-19 14:53 - 00000000 ____D () C:\FRST
2014-09-19 11:55 - 2014-09-19 11:55 - 02105856 _____ (Farbar) C:\Users\Marlon\Downloads\FRST64.exe
2014-09-18 23:57 - 2014-09-18 23:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-18 23:48 - 2014-09-18 23:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Marlon\Downloads\tdsskiller.exe
2014-09-18 23:38 - 2014-09-18 23:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-16 23:23 - 2014-09-18 22:56 - 00000000 ____D () C:\Users\Marlon\Documents\ArcheAge
2014-09-16 23:23 - 2014-09-16 23:23 - 00000000 ____D () C:\ArcheAge
2014-09-16 15:07 - 2014-09-16 15:07 - 00000000 ____D () C:\ProgramData\CanonBJ
2014-09-16 14:30 - 2014-09-19 12:12 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Glyph
2014-09-16 12:24 - 2014-09-18 23:17 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-09-16 12:24 - 2014-09-18 23:16 - 00000000 ____D () C:\Users\Marlon\AppData\Local\BewerbungsMaster
2014-09-16 12:24 - 2014-09-16 12:37 - 00000000 ____D () C:\Users\Marlon\Documents\BewerbungsMaster
2014-09-16 12:24 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-09-16 11:33 - 2014-09-16 12:36 - 00001149 _____ () C:\Users\Marlon\Desktop\Neues Textdokument.txt
2014-09-16 11:32 - 2014-09-19 12:00 - 00000000 ___RD () C:\Users\Marlon\Documents\Notes
2014-09-16 11:32 - 2014-09-16 11:32 - 00004544 _____ () C:\Users\Marlon\Desktop\Neues Journal-Dokument.jnt
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\StunlockStudios
2014-09-13 20:34 - 2014-09-13 20:34 - 00000000 ____D () C:\Users\Marlon\AppData\Local\SCE
2014-09-13 18:24 - 2014-09-13 18:24 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Red 5 Studios
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Users\Marlon\Documents\Firefall
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-12 18:30 - 2014-09-12 18:33 - 00000000 ____D () C:\Users\Marlon\Documents\Strife
2014-09-12 18:30 - 2014-09-12 18:30 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-12 18:25 - 2014-09-18 23:17 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-12 18:06 - 2014-09-12 18:20 - 1778312128 _____ () C:\Users\Marlon\Downloads\StrifeWindows-0.4.0.2.exe
2014-09-12 16:50 - 2014-09-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-12 03:08 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:08 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:08 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:08 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:08 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:08 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:08 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:08 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:08 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:08 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:08 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:08 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:08 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:08 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:08 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:08 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:08 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:08 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:08 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:08 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:08 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:08 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:08 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:08 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:08 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:08 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:08 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:08 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:08 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:08 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:08 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:08 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:08 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:08 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:08 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:08 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:08 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:08 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:08 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:08 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:08 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:08 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:08 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:08 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:08 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:08 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:08 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:08 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:08 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:08 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:08 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:08 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:08 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:08 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:08 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:08 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 23:20 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 23:20 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 23:20 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 23:20 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 23:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 23:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 23:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 23:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 23:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 23:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 23:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 07:58 - 2014-09-11 07:58 - 00291464 _____ () C:\Windows\Minidump\091114-16598-01.dmp
2014-09-10 22:03 - 2014-09-10 22:03 - 00291432 _____ () C:\Windows\Minidump\091014-19936-01.dmp
2014-09-10 19:06 - 2014-09-10 19:06 - 00291432 _____ () C:\Windows\Minidump\091014-20061-01.dmp
2014-09-10 17:00 - 2014-09-12 14:43 - 00000000 ____D () C:\Users\Marlon\AppData\Local\wf-launcher
2014-09-10 17:00 - 2014-09-12 13:55 - 00000000 ____D () C:\ProgramData\GFACE
2014-09-10 16:59 - 2014-09-10 16:59 - 00001910 _____ () C:\Users\Marlon\Desktop\Warface Launcher.lnk
2014-09-10 16:59 - 2014-09-10 16:59 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
2014-09-10 16:58 - 2014-09-10 16:58 - 00000000 ____D () C:\Program Files (x86)\Crytek
2014-09-10 16:56 - 2014-09-10 16:57 - 29280872 _____ () C:\Users\Marlon\Downloads\warface-launcher.exe
2014-09-09 23:09 - 2014-09-09 23:09 - 00291456 _____ () C:\Windows\Minidump\090914-18330-01.dmp
2014-09-09 20:23 - 2014-09-09 20:23 - 00290864 _____ () C:\Windows\Minidump\090914-21574-01.dmp
2014-09-09 17:40 - 2014-09-09 17:40 - 00291432 _____ () C:\Windows\Minidump\090914-21840-01.dmp
2014-09-09 07:49 - 2014-09-09 07:49 - 00290176 _____ () C:\Windows\Minidump\090914-26239-01.dmp
2014-09-05 03:08 - 2014-09-05 20:30 - 00000000 ____D () C:\ProgramData\AnexAvop
2014-09-04 19:58 - 2014-09-10 15:56 - 00001800 _____ () C:\Users\Marlon\Downloads\HO-SystemBot-Default.cfg
2014-09-04 19:54 - 2014-09-10 15:55 - 00000140 _____ () C:\Users\Marlon\Downloads\Loader.cfg
2014-09-04 19:53 - 2014-09-04 19:53 - 04918272 _____ () C:\Users\Marlon\Downloads\ET2IBS3ogx.exe
2014-09-04 19:22 - 2014-09-18 23:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-04 19:22 - 2014-09-18 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-04 19:22 - 2014-09-11 08:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 19:22 - 2014-09-04 19:22 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:22 - 2014-09-04 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 19:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 19:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-04 19:21 - 2014-09-04 19:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 13:16 - 2014-09-04 13:17 - 00291488 _____ () C:\Windows\Minidump\090414-22245-01.dmp
2014-09-03 21:54 - 2014-09-04 16:59 - 00001800 _____ () C:\Users\Marlon\Desktop\HO-SystemBot-Default.cfg
2014-09-03 21:50 - 2014-09-03 21:50 - 04918272 _____ () C:\Users\Marlon\Downloads\NMBn63TJRs.exe
2014-09-03 21:46 - 2014-09-03 21:46 - 07188536 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_x64.exe
2014-09-03 21:44 - 2014-09-03 21:45 - 01417568 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_arm.exe
2014-09-03 20:32 - 2014-09-05 20:28 - 00000000 ____D () C:\Users\Marlon\AppData\Local\5532
2014-09-03 20:32 - 2014-09-03 20:32 - 00000000 ____D () C:\rbtemp
2014-09-03 20:28 - 2014-09-03 20:29 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (3).exe
2014-09-03 20:28 - 2014-09-03 20:28 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (2).exe
2014-09-03 14:46 - 2014-09-03 14:47 - 00291488 _____ () C:\Windows\Minidump\090314-20545-01.dmp
2014-09-02 23:51 - 2014-09-02 23:51 - 00291488 _____ () C:\Windows\Minidump\090214-18751-01.dmp
2014-09-02 13:29 - 2014-09-02 13:29 - 00000000 ____D () C:\Users\Marlon\Desktop\Praktikum Marlon
2014-09-01 20:56 - 2014-09-01 20:56 - 00291520 _____ () C:\Windows\Minidump\090114-25272-01.dmp
2014-09-01 01:02 - 2014-09-01 01:04 - 00000000 ____D () C:\Users\Marlon\Documents\Dawngate
2014-09-01 00:56 - 2014-09-01 01:04 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\DawngateData
2014-09-01 00:55 - 2014-09-01 01:01 - 00002158 _____ () C:\Users\Public\Desktop\Dawngate.lnk
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawngate
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-01 00:50 - 2014-09-01 00:51 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us.msi
2014-09-01 00:50 - 2014-09-01 00:51 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (2).msi
2014-09-01 00:50 - 2014-09-01 00:51 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (1).msi
2014-08-29 18:42 - 2014-08-29 18:42 - 00001031 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-08-29 18:42 - 2014-08-29 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-08-29 18:35 - 2014-08-29 19:22 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-08-28 15:05 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:05 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:05 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 10:20 - 2014-08-23 10:20 - 00288616 _____ () C:\Windows\Minidump\082314-19063-01.dmp
2014-08-22 19:52 - 2014-08-22 19:52 - 00000222 _____ () C:\Users\Marlon\Desktop\Heroes & Generals.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 14:53 - 2014-09-19 11:55 - 00016441 _____ () C:\Users\Marlon\Downloads\FRST.txt
2014-09-19 14:53 - 2014-09-19 11:55 - 00000000 ____D () C:\FRST
2014-09-19 14:50 - 2014-09-19 14:50 - 00002295 _____ () C:\Users\Marlon\Desktop\JRT.txt
2014-09-19 14:48 - 2014-04-12 18:01 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Skype
2014-09-19 14:34 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 14:34 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 14:31 - 2014-09-19 14:31 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 14:30 - 2014-09-19 14:30 - 01019328 _____ (Thisisu) C:\Users\Marlon\Downloads\JRT.exe
2014-09-19 14:27 - 2014-09-19 12:29 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-19 14:26 - 2014-08-08 02:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 14:26 - 2014-04-11 19:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-19 14:26 - 2010-11-21 05:47 - 00455230 _____ () C:\Windows\PFRO.log
2014-09-19 14:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 14:26 - 2009-07-14 06:51 - 00067758 _____ () C:\Windows\setupact.log
2014-09-19 14:25 - 2014-04-11 18:08 - 01484688 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 14:24 - 2014-09-19 14:17 - 00000000 ____D () C:\AdwCleaner
2014-09-19 14:24 - 2014-07-08 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Weather
2014-09-19 14:23 - 2014-04-20 00:13 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-19 14:23 - 2014-04-11 18:12 - 00000000 ____D () C:\Users\Marlon
2014-09-19 14:20 - 2014-08-08 02:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 14:16 - 2014-09-19 14:16 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-19 14:13 - 2014-09-19 14:12 - 01373475 _____ () C:\Users\Marlon\Downloads\AdwCleaner_3.310 (1).exe
2014-09-19 14:12 - 2014-09-19 14:12 - 01373475 _____ () C:\Users\Marlon\Downloads\AdwCleaner_3.310.exe
2014-09-19 14:12 - 2014-04-12 07:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 14:05 - 2014-04-11 18:51 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA090C64-35D7-4F70-A0E2-B241302D0DD2}
2014-09-19 14:04 - 2014-09-19 14:04 - 00087884 _____ () C:\Users\Marlon\Downloads\Logs (1).zip
2014-09-19 13:49 - 2014-09-19 13:49 - 00087884 _____ () C:\Users\Marlon\Downloads\Logs.zip
2014-09-19 13:39 - 2014-09-19 13:39 - 00291400 _____ () C:\Windows\Minidump\091914-20092-01.dmp
2014-09-19 13:39 - 2014-04-26 12:09 - 00000000 ____D () C:\Windows\Minidump
2014-09-19 13:38 - 2014-04-26 12:08 - 343022479 _____ () C:\Windows\MEMORY.DMP
2014-09-19 13:36 - 2014-09-19 13:36 - 00087884 _____ () C:\Users\Marlon\Downloads\D80D.tmp
2014-09-19 13:14 - 2014-04-16 19:42 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\TS3Client
2014-09-19 12:30 - 2014-09-19 12:30 - 00001091 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-19 12:30 - 2014-09-19 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-19 12:27 - 2014-09-19 12:21 - 163670496 _____ (Emsisoft GmbH ) C:\Users\Marlon\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-19 12:23 - 2014-09-19 11:56 - 00031468 _____ () C:\Users\Marlon\Downloads\Addition.txt
2014-09-19 12:18 - 2014-09-19 12:18 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-19 12:18 - 2014-09-19 12:12 - 00000997 _____ () C:\Users\Marlon\Desktop\Glyph.lnk
2014-09-19 12:17 - 2014-09-19 12:17 - 31912560 _____ (Trion Worlds Inc.) C:\Users\Marlon\Downloads\GlyphInstall.exe
2014-09-19 12:12 - 2014-09-19 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-09-19 12:12 - 2014-09-19 12:12 - 00000000 ____D () C:\ProgramData\Glyph
2014-09-19 12:12 - 2014-09-16 14:30 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Glyph
2014-09-19 12:11 - 2014-09-19 12:10 - 31912560 _____ (Trion Worlds Inc.) C:\Users\Marlon\Downloads\GlyphInstall-0-120.exe
2014-09-19 12:00 - 2014-09-19 12:00 - 00000000 _____ () C:\Users\Marlon\Desktop\Neues Textdokument (3).txt
2014-09-19 12:00 - 2014-09-16 11:32 - 00000000 ___RD () C:\Users\Marlon\Documents\Notes
2014-09-19 11:55 - 2014-09-19 11:55 - 02105856 _____ (Farbar) C:\Users\Marlon\Downloads\FRST64.exe
2014-09-19 00:22 - 2014-06-27 16:20 - 00000000 ____D () C:\Users\Marlon\AppData\Local\DashboardDirect3dNet
2014-09-18 23:57 - 2014-09-18 23:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-18 23:48 - 2014-09-18 23:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Marlon\Downloads\tdsskiller.exe
2014-09-18 23:41 - 2014-09-04 19:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-18 23:39 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-09-18 23:39 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-09-18 23:39 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 23:38 - 2014-09-18 23:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-18 23:32 - 2014-09-04 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-18 23:17 - 2014-09-16 12:24 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-09-18 23:17 - 2014-09-12 18:25 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-18 23:17 - 2014-05-30 09:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-18 23:17 - 2014-05-16 17:48 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\vlc
2014-09-18 23:17 - 2014-05-10 16:51 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-18 23:17 - 2014-05-09 17:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 23:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-18 23:16 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\AppData\Local\BewerbungsMaster
2014-09-18 23:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-18 22:56 - 2014-09-16 23:23 - 00000000 ____D () C:\Users\Marlon\Documents\ArcheAge
2014-09-17 18:00 - 2014-05-10 16:51 - 00000000 ____D () C:\Users\Marlon\AppData\Local\PMB Files
2014-09-16 23:28 - 2014-05-09 17:23 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-09-16 23:23 - 2014-09-16 23:23 - 00000000 ____D () C:\ArcheAge
2014-09-16 15:07 - 2014-09-16 15:07 - 00000000 ____D () C:\ProgramData\CanonBJ
2014-09-16 12:37 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\Documents\BewerbungsMaster
2014-09-16 12:36 - 2014-09-16 11:33 - 00001149 _____ () C:\Users\Marlon\Desktop\Neues Textdokument.txt
2014-09-16 12:24 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-09-16 11:32 - 2014-09-16 11:32 - 00004544 _____ () C:\Users\Marlon\Desktop\Neues Journal-Dokument.jnt
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\StunlockStudios
2014-09-13 20:34 - 2014-09-13 20:34 - 00000000 ____D () C:\Users\Marlon\AppData\Local\SCE
2014-09-13 18:24 - 2014-09-13 18:24 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Red 5 Studios
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Users\Marlon\Documents\Firefall
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-12 18:33 - 2014-09-12 18:30 - 00000000 ____D () C:\Users\Marlon\Documents\Strife
2014-09-12 18:30 - 2014-09-12 18:30 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-12 18:20 - 2014-09-12 18:06 - 1778312128 _____ () C:\Users\Marlon\Downloads\StrifeWindows-0.4.0.2.exe
2014-09-12 16:50 - 2014-09-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-12 16:33 - 2014-04-12 06:32 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Awesomium
2014-09-12 15:16 - 2014-05-24 13:56 - 00000000 ____D () C:\Users\Marlon\AppData\Local\NexonLauncher
2014-09-12 14:43 - 2014-09-10 17:00 - 00000000 ____D () C:\Users\Marlon\AppData\Local\wf-launcher
2014-09-12 13:55 - 2014-09-10 17:00 - 00000000 ____D () C:\ProgramData\GFACE
2014-09-12 03:07 - 2014-04-11 20:11 - 01591896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:06 - 2014-04-11 18:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:02 - 2014-04-11 18:58 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:01 - 2014-05-08 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 08:19 - 2014-09-04 19:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 07:58 - 2014-09-11 07:58 - 00291464 _____ () C:\Windows\Minidump\091114-16598-01.dmp
2014-09-10 22:03 - 2014-09-10 22:03 - 00291432 _____ () C:\Windows\Minidump\091014-19936-01.dmp
2014-09-10 19:06 - 2014-09-10 19:06 - 00291432 _____ () C:\Windows\Minidump\091014-20061-01.dmp
2014-09-10 16:59 - 2014-09-10 16:59 - 00001910 _____ () C:\Users\Marlon\Desktop\Warface Launcher.lnk
2014-09-10 16:59 - 2014-09-10 16:59 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
2014-09-10 16:58 - 2014-09-10 16:58 - 00000000 ____D () C:\Program Files (x86)\Crytek
2014-09-10 16:57 - 2014-09-10 16:56 - 29280872 _____ () C:\Users\Marlon\Downloads\warface-launcher.exe
2014-09-10 15:56 - 2014-09-04 19:58 - 00001800 _____ () C:\Users\Marlon\Downloads\HO-SystemBot-Default.cfg
2014-09-10 15:55 - 2014-09-04 19:54 - 00000140 _____ () C:\Users\Marlon\Downloads\Loader.cfg
2014-09-10 13:12 - 2014-04-12 07:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 13:12 - 2014-04-12 07:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 13:12 - 2014-04-12 07:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:09 - 2014-09-09 23:09 - 00291456 _____ () C:\Windows\Minidump\090914-18330-01.dmp
2014-09-09 20:23 - 2014-09-09 20:23 - 00290864 _____ () C:\Windows\Minidump\090914-21574-01.dmp
2014-09-09 17:40 - 2014-09-09 17:40 - 00291432 _____ () C:\Windows\Minidump\090914-21840-01.dmp
2014-09-09 17:40 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-09 07:49 - 2014-09-09 07:49 - 00290176 _____ () C:\Windows\Minidump\090914-26239-01.dmp
2014-09-05 20:30 - 2014-09-05 03:08 - 00000000 ____D () C:\ProgramData\AnexAvop
2014-09-05 20:28 - 2014-09-03 20:32 - 00000000 ____D () C:\Users\Marlon\AppData\Local\5532
2014-09-05 04:10 - 2014-09-11 23:20 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 23:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-05 02:04 - 2014-08-11 00:03 - 00000000 ____D () C:\ProgramData\ygpDOMp
2014-09-04 19:53 - 2014-09-04 19:53 - 04918272 _____ () C:\Users\Marlon\Downloads\ET2IBS3ogx.exe
2014-09-04 19:28 - 2014-07-08 15:30 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-09-04 19:22 - 2014-09-04 19:22 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:22 - 2014-09-04 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:21 - 2014-09-04 19:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 16:59 - 2014-09-03 21:54 - 00001800 _____ () C:\Users\Marlon\Desktop\HO-SystemBot-Default.cfg
2014-09-04 13:17 - 2014-09-04 13:16 - 00291488 _____ () C:\Windows\Minidump\090414-22245-01.dmp
2014-09-03 21:50 - 2014-09-03 21:50 - 04918272 _____ () C:\Users\Marlon\Downloads\NMBn63TJRs.exe
2014-09-03 21:46 - 2014-09-03 21:46 - 07188536 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_x64.exe
2014-09-03 21:45 - 2014-09-03 21:44 - 01417568 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_arm.exe
2014-09-03 20:32 - 2014-09-03 20:32 - 00000000 ____D () C:\rbtemp
2014-09-03 20:29 - 2014-09-03 20:28 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (3).exe
2014-09-03 20:28 - 2014-09-03 20:28 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (2).exe
2014-09-03 14:47 - 2014-09-03 14:46 - 00291488 _____ () C:\Windows\Minidump\090314-20545-01.dmp
2014-09-02 23:51 - 2014-09-02 23:51 - 00291488 _____ () C:\Windows\Minidump\090214-18751-01.dmp
2014-09-02 13:29 - 2014-09-02 13:29 - 00000000 ____D () C:\Users\Marlon\Desktop\Praktikum Marlon
2014-09-01 20:56 - 2014-09-01 20:56 - 00291520 _____ () C:\Windows\Minidump\090114-25272-01.dmp
2014-09-01 01:04 - 2014-09-01 01:02 - 00000000 ____D () C:\Users\Marlon\Documents\Dawngate
2014-09-01 01:04 - 2014-09-01 00:56 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\DawngateData
2014-09-01 01:01 - 2014-09-01 00:55 - 00002158 _____ () C:\Users\Public\Desktop\Dawngate.lnk
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawngate
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-01 00:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-01 00:51 - 2014-09-01 00:50 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us.msi
2014-09-01 00:51 - 2014-09-01 00:50 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (2).msi
2014-09-01 00:51 - 2014-09-01 00:50 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (1).msi
2014-08-31 03:51 - 2014-06-14 08:34 - 00000000 ____D () C:\Users\Marlon\AppData\Local\QQSM
2014-08-29 19:22 - 2014-08-29 18:35 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-08-29 18:42 - 2014-08-29 18:42 - 00001031 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-08-29 18:42 - 2014-08-29 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-08-29 00:39 - 2009-07-14 06:45 - 00268536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 16:00 - 2014-05-17 19:38 - 00000000 ____D () C:\Users\Marlon\Documents\My Games
2014-08-28 16:00 - 2014-04-11 19:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-28 15:56 - 2014-04-25 17:14 - 00116083 _____ () C:\Windows\DirectX.log
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 10:20 - 2014-08-23 10:20 - 00288616 _____ () C:\Windows\Minidump\082314-19063-01.dmp
2014-08-23 04:07 - 2014-08-28 15:05 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 15:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 15:05 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 19:52 - 2014-08-22 19:52 - 00000222 _____ () C:\Users\Marlon\Desktop\Heroes & Generals.url
2014-08-22 19:52 - 2014-05-30 10:18 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

Some content of TEMP:
====================
C:\Users\Marlon\AppData\Local\Temp\25cc40ac237f9326beca4170b7056e46.dll
C:\Users\Marlon\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-06 06:25 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Marlon at 2014-09-19 14:56:08
Running from C:\Users\Marlon\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1 Media Converter version 1.0.0 (HKLM-x32\...\{29A9E262-AC6E-4B40-816F-2C4AC55549F8}_is1) (Version: 1.0.0 - OneFloor App,Inc)
1 Media Player version 2.2.0 (HKLM-x32\...\{6C566E3B-CBFB-4A3C-A8B6-88EA54DE7CA8}_is1) (Version: 2.2.0 - OneFloorApp Ltd.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version: - Stunlock Studios)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version: - WEBZEN)
C9 (HKLM-x32\...\Steam App 212390) (Version: - Cloud 9 Studio)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Dawngate (HKLM-x32\...\{9E238DAC-8A8B-46C4-B2D0-FD9903514095}) (Version: 187.42.53.0 - Electronic Arts, Inc.)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - )
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.3 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.3 - Gameforge)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version: - GamersFirst)
Genymotion version 2.2.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.2.2 - Genymobile)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.0.5.3 - Infernum Productions AG)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Java Packages (HKCU\...\Java Packages) (Version: - ) <==== ATTENTION
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Panzar (HKLM-x32\...\{4FF82163-423A-43CE-898D-3B60D19A5E8F}_is1) (Version: 1.0 - Panzar)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.1.3.32950 - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Prime World version 9.14.0 (HKLM-x32\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.14.0 - Nival)
RIFT (HKCU\...\RIFT) (Version: - Trion Worlds, Inc.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version: - )
SavingsAurora (HKCU\...\gxxqa) (Version: - ) <==== ATTENTION
Security Guard (HKLM-x32\...\Security Guard) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
uPlayer (HKLM-x32\...\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}) (Version: 1.0.0 - Full Spectrum Interactive)
VideoLAN VLC media player 0.8.2 (HKLM-x32\...\VLC media player) (Version: 0.8.2 - VideoLAN Team)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Warframe (HKLM-x32\...\{CD733352-5102-4212-8561-6A0CDF496DE7}) (Version: 1.0.0 - Digital Extremes)
WEBZEN Browser Extension (HKLM-x32\...\{95723791-2C44-454B-9220-C65D47D70E9C}) (Version: 1.12.010 - WEBZEN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WolfTeam-DE (HKLM-x32\...\WolfTeam-DE) (Version: - )
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_88) - Goobzo Ltd.)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
12-09-2014 14:49:17 Installed Microsoft XNA Framework Redistributable 3.1
12-09-2014 16:27:58 DirectX wurde installiert
16-09-2014 18:03:15 Windows Update
16-09-2014 21:41:23 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
16-09-2014 21:42:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
18-09-2014 20:49:07 Wiederherstellungsvorgang
18-09-2014 21:08:57 Windows Update
18-09-2014 21:10:09 Wiederherstellungsvorgang
18-09-2014 21:38:58 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-04-20 00:10 - 00008909 ____A C:\Windows\system32\Drivers\etc\hosts
216.239.32.20 google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar
216.239.32.20 google.com www.google.as
216.239.32.20 google.com www.google.at
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az
216.239.32.20 google.com www.google.ba
216.239.32.20 google.com www.google.com.bd
216.239.32.20 google.com www.google.be
216.239.32.20 google.com www.google.bf
216.239.32.20 google.com www.google.bg
216.239.32.20 google.com www.google.com.bh
216.239.32.20 google.com www.google.bi
216.239.32.20 google.com www.google.bj
216.239.32.20 google.com www.google.com.bn
216.239.32.20 google.com www.google.com.bo
216.239.32.20 google.com www.google.com.br
216.239.32.20 google.com www.google.bs
216.239.32.20 google.com www.google.bt
216.239.32.20 google.com www.google.co.bw
216.239.32.20 google.com www.google.by
There are 162 more lines.

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {31303B7D-797C-4E2A-A89D-51FA8E82935C} - \SPBIW_UpdateTask_Time_333339363935303830352d3237575a236c6c3255342a41 No Task File <==== ATTENTION
Task: {46296773-145C-492A-AE10-CDFEDE4DA865} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {49610218-A0B8-46DA-9999-71E04F16B5F9} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\ZooToolbar\WPackageUpdate.exe
Task: {6A6EE148-CC94-490F-A56E-973DE2E28A9E} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\ZooToolbar\WConnectorDirect.exe <==== ATTENTION
Task: {6B1B3635-B859-46DE-89E3-6A67B1058E5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
Task: {8BA398A9-032E-48A0-B55B-C35CE9EC9D79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
Task: {9E2CC040-5571-486E-AC65-BE09F48EA35E} - System32\Tasks\UNELEVATE_12599 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe <==== ATTENTION
Task: {AC52E715-BFD7-43F4-A524-E858ADEC6C88} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {B2E7D4B8-212C-461B-8EC1-7ED16FF3A4CA} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\ZooToolbar\WSystemKeeper.exe
Task: {C62FE617-50D9-45C8-9980-FD198EC9B53C} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2014-04-11 19:36 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-02 21:41 - 2014-05-09 17:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-09-19 12:29 - 2014-09-19 12:42 - 00751680 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07941175.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07941175.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: BlockAndSurf => 2
MSCONFIG\Services: IePluginService => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LPTSystemUpdater => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: PirritDesktop => 2
MSCONFIG\Services: PirritUpdater => 2
MSCONFIG\Services: Update PlurPush => 2
MSCONFIG\Services: Util PlurPush => 2
MSCONFIG\Services: Wpm => 2

==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (09/19/2014 02:52:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 12.9.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1250
Startzeit: 01cfd4087bf38ee0
Endzeit: 4
Anwendungspfad: C:\Users\Marlon\Downloads\FRST64.exe
Berichts-ID: dbb4d501-3ffb-11e4-bdf8-20cf30cd27b6

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/19/2014 02:52:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe12.9.2014.0125001cfd4087bf38ee04C:\Users\Marlon\Downloads\FRST64.exedbb4d501-3ffb-11e4-bdf8-20cf30cd27b6

==================== Memory info ===========================
Processor: AMD Athlon(tm) II X4 645 Processor
Percentage of memory in use: 49%
Total physical RAM: 3327.23 MB
Available physical RAM: 1676.64 MB
Total Pagefile: 6652.63 MB
Available Pagefile: 4409.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:488.28 GB) (Free:125.72 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:91.78 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D3270B59)
Partition 1: (Active) - (Size=345.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Should I have Emsisoft Anti-Malware scan my whole computer once more? I have now somehow managed to download an anti-malware program; before, they were always blocked. |
19.09.2014, 22:54 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System restore virus/trojan on my PC / performance problems & loss of performance
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\Policies\Explorer: [Run] "C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe"
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Startup: C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntkrnlpa.lnk
ShortcutTarget: ntkrnlpa.lnk -> C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=127.0.0.1:37214
Toolbar: HKCU - No Name - {13F7E48A-AF65-4480-BD2A-CDF5B0929521} - No File
FF DefaultSearchEngine: Zoo Search
FF Extension: Site Matcher - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\sitematcher_srcs@sitematcher_srcs.com [2014-07-22]
FF Extension: Zoo Toolbar - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{6e6e7f45-c4ea-4a0d-b25f-42ff7e3fd96c} [2014-08-01]
FF HKLM-x32\...\Firefox\Extensions: [{bd199e27-5053-4798-be04-8686f2b93a72}] - C:\Program Files (x86)\Security Guard\securityguard.xpi
FF Extension: No Name - C:\Program Files (x86)\Security Guard\securityguard.xpi [2014-06-20]
FF Extension: MEGA - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\firefox@mega.co.nz.xpi [2014-04-19]
FF Extension: No Name - C:\Program Files\V-bates\Firefox [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\toolbar@web.de [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E} [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\firefoxmini@go.im.xpi [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\c1b9d306-75ba-4390-8a8b-76b504015572@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [Not Found]
CHR HomePage: Default -> http://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV=
CHR StartupUrls: Default -> "http://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=58&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (PHD-V1.4) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [onljdobepbepmeogglgcegfflcmibdpk] - C:\Program Files (x86)\Security Guard\securityguard.crx [2014-06-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {31303B7D-797C-4E2A-A89D-51FA8E82935C} - \SPBIW_UpdateTask_Time_333339363935303830352d3237575a236c6c3255342a41 No Task File <==== ATTENTION
Task: {6A6EE148-CC94-490F-A56E-973DE2E28A9E} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\ZooToolbar\WConnectorDirect.exe <==== ATTENTION
Task: {9E2CC040-5571-486E-AC65-BE09F48EA35E} - System32\Tasks\UNELEVATE_12599 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe <==== ATTENTION
Task: {B2E7D4B8-212C-461B-8EC1-7ED16FF3A4CA} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\ZooToolbar\WSystemKeeper.exe
Task: {C62FE617-50D9-45C8-9980-FD198EC9B53C} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\IEUpdate
C:\PROGRA~2\YOUTUB~1
C:\Program Files (x86)\ShopperPro
C:\Program Files (x86)\ZooToolbar
C:\ProgramData\TEMP
C:\Users\Marlon\Downloads\D80D.tmp
C:\rbtemp
C:\Users\Marlon\AppData\Local\QQSM
C:\Users\Marlon\AppData\Local\Temp\25cc40ac237f9326beca4170b7056e46.dll
C:\Users\Marlon\Downloads\Setup (3).exe
C:\Users\Marlon\Downloads\Setup (2).exe
C:\Users\Marlon\Downloads\NMBn63TJRs.exe
C:\ProgramData\ygpDOMp
C:\Users\Marlon\Downloads\ET2IBS3ogx.exe
C:\ProgramData\AnexAvop
C:\Users\Marlon\AppData\Local\5532
C:\Program Files (x86)\Security Guard
Hosts:
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |