Log analysis and evaluation: Trojan slows down PC / various antivirus scans did not help

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.10.2014, 11:22 | #1

Trojan slows down PC / various antivirus scans did not help

Good day,

three days ago I stupidly and knowingly caught a Trojan through a trainer for a game (usually these are false positives from an antivirus program, which is why I ignored the threat, only this time that did not seem to be the case).

Within half an hour my PC became slower and slower until finally nothing responded any more and I tried a restart. Windows took about 1 hour to start, that is, to reach the desktop. Everything ran very, very slowly; starting a program sometimes took 10 minutes or longer. In this state everything was completely unusable, which is why I am now working in Safe Mode; there, startup takes only 30 minutes, and some programs are still reasonably quick to use.

Only Windows itself seems to be affected: booting the PC is as fast as ever up to the "Starting Windows" screen, and games that start in Safe Mode as well as the browser work without problems; only Windows itself is slow.

I have already run several antivirus programs; a lot was removed, but the Trojan did not seem to be among it (MalwareBytes AntiMalware, Trojan Remover, AVG, Microsoft SE, AdwCleaner).

Here are the FRST logs

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Hyrican (administrator) on HYRICAN-PC on 08-10-2014 11:26:30 Running from C:\Users\Hyrican\Downloads Loaded Profile: Hyrican (Available profiles: Hyrican & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Messaging) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1666432 2014-10-07] (Simply Super Software) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [puush] => C:\Program Files (x86)\puush\update\puush.exe [567880 2013-08-21] () HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [MPCBrowser Update] => C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [120256 2014-05-12] (MyPlayCity, Inc.) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) 
HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\MountPoints2: I - I:\AutoRun.exe HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\MountPoints2: J - J:\AUTOSTARTER.EXE HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\MountPoints2: {a797dc9a-bb50-11e0-94b6-001c4affb31b} - I:\Startme.exe HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\MountPoints2: {ae8a1d02-5cf4-11e0-864b-1c6f655e30ab} - K:\pushinst.exe HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\MountPoints2: {bd062b40-6a33-11e1-ba80-806e6f6e6963} - J:\AUTOSTARTER.EXE IFEO\farcry.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\pcapui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\regsetup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\teamviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\wlangui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML64.lnk ShortcutTarget: IML64.lnk -> C:\Windows\SysWOW64\iml.vbs () BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de SearchScopes: HKCU - {433873CA-9CAC-4077-970F-B979F744826D} URL = SearchScopes: HKCU - {A058447C-D01F-44A6-8FA1-7447C8D5B0DD} URL = hxxp://www.google.de/search?q={searchTerms} BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No File BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Ciuvo -> {8DA04D15-6AB2-4E6F-95EB-E53B59F84001} -> No File BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: AutorunsDisabled - No CLSID Value - No File Filter-x32: AutorunsDisabled - No CLSID Value - No File Winsock: Catalog5 10 pcapwsp.dll File Not found () Winsock: Catalog5-x64 10 pcapwsp.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{793AB8D4-1BA8-44D9-87EB-EB7B65A9F5F2}: [NameServer] 192.168.1.1,194.25.2.129 FireFox: ======== FF ProfilePath: C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @g2.com/iggweb3dupdater -> C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG) FF Plugin HKCU: @g2.com/joyconnectshell -> C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG) FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Hyrican\AppData\Local\Roblox\Versions\version-1ff4978f36a64477\\NPRobloxProxy.dll ( ROBLOX Corporation) FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=3 -> C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.) FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=9 -> C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.) FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll () FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hyrican\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: LavaFox V2-Blue - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\djziggy@gmail.com [2013-11-19] FF Extension: 
LavaFox V2-Purple - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\zigboom555@aol.com [2014-09-15] FF Extension: BlackFox V2 - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\zigboom@hotmail.com [2014-02-16] FF Extension: No Name - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2011-10-16] FF Extension: Bloody Red - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2012-05-22] FF Extension: Long URL Please - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\longurlplease@darragh.curran.xpi [2011-05-15] FF Extension: YouTube Unblocker - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\youtubeunblocker@unblocker.yt.xpi [2013-04-08] FF Extension: Stylish - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-06-08] FF Extension: Adblock Plus - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files 
(x86)\AVG\AVG2012\Firefox4 FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-06-12] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File CHR Plugin: (Unity Player) - C:\Users\Hyrican\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Hyrican\AppData\Local\Roblox\Versions\version-2fc7393676ba4619\\NPRobloxProxy.dll No File CHR Plugin: (IGG Web3D Updater NP Plugin for Mozilla) - 
C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG) CHR Plugin: (JoyConnectShell NP Plugin for Mozilla) - C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG) CHR Plugin: (SOE Web Installer) - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll () CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Windows Activation Technologies) - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Profile: C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22] CHR Extension: (Google Drive) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22] CHR Extension: (Google-Suche) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22] CHR Extension: (saafe ssaVea) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\eolaihphklpfbofmnobenghdgjdibnco [2013-07-12] CHR Extension: (Google Wallet) - 
C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed] S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.) S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [107040 2014-06-17] (EasyAntiCheat Ltd) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3885424 2011-01-19] (INCA Internet Co., Ltd.) 
[File not signed] S4 pcapsvc; C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [1852928 2012-02-10] (Proxy Labs) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] S2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2014-08-06] () S2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [File not signed] S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software) S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-09] () S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.2\dbk64.sys [62752 2012-06-26] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-09] ()
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-10-06] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NPPTNT2; C:\windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-03-10] (Duplex Secure Ltd.)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2010-10-07] (TuneUp Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 cpuz130; \??\C:\Users\Hyrican\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 dump_wmimmc; \??\C:\gPotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 X6va003; \??\C:\Users\Hyrican\AppData\Local\Temp\00365D7.tmp [X]
S3 X6va005; \??\C:\Users\Hyrican\AppData\Local\Temp\0056ECB.tmp [X]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-08 11:26 - 2014-10-08 11:30 - 00028844 _____ () C:\Users\Hyrican\Downloads\FRST.txt
2014-10-08 11:25 - 2014-10-08 11:26 - 00000000 ____D () C:\FRST
2014-10-08 11:20 - 2014-10-08 11:22 - 02109952 _____ (Farbar) C:\Users\Hyrican\Downloads\FRST64.exe
2014-10-07 18:23 - 2014-10-07 18:23 - 00000180 _____ () C:\windows\system32\avgrep.txt
2014-10-07 17:56 - 2014-10-07 17:56 - 01140378 _____ () C:\Users\Hyrican\Desktop\cc_20141007_175632.reg
2014-10-07 17:52 - 2014-10-07 17:52 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-07 17:52 - 2014-10-07 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-07 17:48 - 2014-10-07 17:50 - 03836936 _____ (Piriform Ltd) C:\Users\Hyrican\Downloads\ccsetup418_slim.exe
2014-10-07 15:18 - 2014-10-07 15:18 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-07 15:17 - 2014-10-07 15:17 - 00000000 ____D () C:\Users\Hyrican\Documents\Simply Super Software
2014-10-07 15:17 - 2014-10-07 15:17 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Simply Super Software
2014-10-07 15:16 - 2014-10-07 15:17 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-10-07 15:16 - 2014-10-07 15:16 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-10-07 15:16 - 2014-10-07 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-10-07 15:11 - 2014-10-07 15:11 - 21407864 _____ (Simply Super Software ) C:\Users\Hyrican\Downloads\trjsetup690.exe
2014-10-07 15:03 - 2014-10-07 15:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-07 14:48 - 2014-10-07 14:48 - 00001153 _____ () C:\Users\Hyrican\Desktop\CrystalDiskInfo.lnk
2014-10-07 14:48 - 2014-10-07 14:48 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-10-07 14:47 - 2014-10-07 14:47 - 02996728 _____ (Crystal Dew World ) C:\Users\Hyrican\Downloads\CrystalDiskInfo6_2_1.exe
2014-10-07 14:34 - 2014-10-07 14:34 - 00511633 _____ () C:\Users\Hyrican\Downloads\Autoruns_1203.zip
2014-10-06 21:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-10-06 21:00 - 2014-10-07 12:55 - 00000000 ____D () C:\AdwCleaner
2014-10-06 20:58 - 2014-10-06 20:59 - 01375089 _____ () C:\Users\Hyrican\Downloads\adwcleaner_3.311.exe
2014-10-05 17:04 - 2014-10-07 12:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 17:03 - 2014-10-05 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-05 17:02 - 2014-10-06 12:30 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-05 17:02 - 2014-10-05 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-05 17:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-04 12:00 - 2014-10-04 12:07 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-10-01 16:04 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-01 16:04 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-30 22:04 - 2014-09-30 22:05 - 00222184 _____ (Deposit Files) C:\Users\Hyrican\Downloads\dfdownloader_pxL0ph_.exe
2014-09-26 20:54 - 2014-09-26 20:56 - 00000000 ____D () C:\Users\Hyrican\Desktop\BQuake2
2014-09-26 19:49 - 2014-09-26 19:49 - 00000000 ____D () C:\Quake2
2014-09-26 19:49 - 2014-09-26 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake II
2014-09-26 19:47 - 1997-08-26 12:06 - 00315904 _____ (InstallShield Software Corporation) C:\windows\IsUninst.exe
2014-09-26 19:45 - 2014-09-26 19:45 - 00000000 ____D () C:\Users\Hyrican\Desktop\Quake2
2014-09-25 18:31 - 2014-10-05 12:45 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-09-25 18:31 - 2014-09-25 18:31 - 00000899 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2014-09-25 18:31 - 2014-09-25 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2014-09-25 18:30 - 2014-09-25 18:31 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Guild Wars 2
2014-09-25 18:29 - 2014-09-25 18:30 - 26068984 _____ (ArenaNet) C:\Users\Hyrican\Downloads\Gw2Setup.exe
2014-09-25 16:05 - 2014-09-25 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 21:18 - 2014-09-25 16:11 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\CSO
2014-09-24 15:26 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-24 15:26 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-21 18:35 - 2014-09-21 18:36 - 00174080 _____ (Igor Pavlov) C:\Users\Hyrican\Downloads\Uprising 2 - Lead and Destroy.exe.part
2014-09-21 13:10 - 2014-09-27 22:49 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\OBS
2014-09-21 13:10 - 2014-09-21 13:10 - 00000902 _____ () C:\Users\Hyrican\Desktop\Open Broadcaster Software.lnk
2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Program Files\OBS
2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-09-21 13:09 - 2014-09-21 13:10 - 07406196 _____ () C:\Users\Hyrican\Downloads\OBS_0_635b_Installer.exe
2014-09-20 23:30 - 2014-09-20 23:34 - 00000000 ____D () C:\Users\Hyrican\Desktop\mcserver2
2014-09-20 22:59 - 2014-09-27 21:10 - 00000000 ____D () C:\Users\Hyrican\Desktop\MCserver
2014-09-20 22:58 - 2014-09-20 22:58 - 10769744 _____ () C:\Users\Hyrican\Downloads\minecraft_server.1.8.exe
2014-09-20 22:58 - 2014-09-20 22:58 - 00000185 _____ () C:\Users\Hyrican\Downloads\eula.txt
2014-09-20 22:58 - 2014-09-20 22:58 - 00000062 _____ () C:\Users\Hyrican\Downloads\server.properties
2014-09-20 11:35 - 2014-09-26 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-09-20 10:15 - 2014-09-20 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-11 17:59 - 2014-09-12 14:10 - 00000000 ____D () C:\Users\Hyrican\Desktop\steeze_rhud
2014-09-11 17:57 - 2014-09-11 17:57 - 00000000 ____D () C:\Users\Hyrican\Desktop\RHUD-master
2014-09-11 08:57 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\Hyrican\Desktop\autoruns.exe
2014-09-10 23:12 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-10 23:12 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 16:19 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 16:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 16:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 16:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 16:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 16:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 16:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 16:16 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 16:16 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-09 18:23 - 2014-09-09 18:23 - 00029318 _____ () C:\Users\Hyrican\Desktop\items.zip

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-08 11:04 - 2011-03-25 12:48 - 01606647 _____ () C:\windows\WindowsUpdate.log
2014-10-07 18:39 - 2014-08-20 11:33 - 00000000 ____D () C:\Users\Hyrican\Desktop\Gang Beasts
2014-10-07 18:33 - 2012-02-19 02:22 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-07 16:43 - 2009-07-14 06:45 - 00023376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 16:42 - 2014-05-12 15:20 - 00000956 _____ () C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000UA.job
2014-10-07 16:42 - 2009-07-14 06:45 - 00023376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 16:22 - 2012-09-30 17:43 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\LogMeIn Hamachi
2014-10-07 16:20 - 2011-04-19 11:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-07 16:16 - 2012-04-01 10:18 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-07 16:06 - 2012-01-27 17:00 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 16:04 - 2013-06-03 21:33 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-10-07 16:03 - 2011-05-27 20:27 - 00000312 ___SH () C:\windows\Tasks\Znixo.job
2014-10-07 16:03 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-07 16:02 - 2009-07-14 06:51 - 00161635 _____ () C:\windows\setupact.log
2014-10-07 14:35 - 2013-01-15 17:23 - 02498560 ___SH () C:\Users\Hyrican\Desktop\Thumbs.db
2014-10-07 11:28 - 2011-01-18 11:46 - 01173622 _____ () C:\windows\PFRO.log
2014-10-06 16:55 - 2011-04-03 16:24 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Skype
2014-10-06 16:01 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-10-06 15:59 - 2006-05-09 12:04 - 00000000 _RSHD () C:\Users\Hyrican\AppData\Roaming\WinDir
2014-10-06 12:50 - 2011-09-21 21:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-06 12:05 - 2012-01-27 17:00 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 17:03 - 2011-04-20 13:45 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Malwarebytes
2014-10-05 17:02 - 2011-04-20 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-05 17:02 - 2011-04-20 13:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-05 15:25 - 2014-05-12 15:20 - 00000904 _____ () C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000Core.job
2014-10-05 13:01 - 2012-03-24 12:17 - 00000000 ____D () C:\Users\Administrator
2014-10-05 12:47 - 2011-03-28 12:39 - 00000000 ____D () C:\Users\Hyrican
2014-10-05 12:45 - 2013-08-20 22:03 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\puush
2014-10-05 12:45 - 2013-03-26 12:30 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Warframe
2014-10-05 12:45 - 2011-11-09 21:30 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Akamai
2014-10-05 12:45 - 2011-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-05 12:45 - 2011-04-02 09:12 - 00000000 ____D () C:\ProgramData\Origin
2014-10-05 12:45 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-05 12:45 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-10-04 17:13 - 2011-06-26 15:08 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\CrashDumps
2014-10-04 15:43 - 2012-11-03 00:08 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Origin
2014-10-04 09:59 - 2011-11-11 16:32 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Skyrim
2014-10-03 10:37 - 2014-06-09 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-10-03 10:37 - 2012-01-29 10:55 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-10-03 10:16 - 2012-08-02 21:07 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\.minecraft
2014-10-02 23:24 - 2011-05-31 18:01 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\vlc
2014-09-28 21:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-09-27 11:53 - 2011-01-18 09:26 - 00415771 _____ () C:\windows\DirectX.log
2014-09-27 10:24 - 2012-05-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 15:34 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-24 21:24 - 2011-04-13 07:00 - 00000000 ____D () C:\Temp
2014-09-24 21:16 - 2013-02-02 10:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-24 17:16 - 2012-04-01 10:18 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 17:16 - 2012-04-01 10:18 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 17:16 - 2011-05-16 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:42 - 2011-01-18 14:24 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-21 22:51 - 2014-02-23 21:46 - 00007591 _____ () C:\Users\Hyrican\AppData\Local\Resmon.ResmonCfg
2014-09-20 23:26 - 2014-08-17 10:49 - 00000000 ____D () C:\Users\Hyrican\Desktop\Bukkit-Bleeding-master
2014-09-20 14:25 - 2011-06-05 11:24 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-09-20 10:15 - 2011-04-03 16:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-20 10:15 - 2011-04-03 16:24 - 00000000 ____D () C:\ProgramData\Skype
2014-09-19 22:02 - 2011-04-02 18:47 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\SoftGrid Client
2014-09-19 19:49 - 2011-07-18 14:38 - 00000021 _____ () C:\windows\EC_List.txt.bak
2014-09-10 23:16 - 2011-04-02 18:46 - 01624388 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-10 23:16 - 2009-07-14 19:58 - 00710352 _____ () C:\windows\system32\perfh007.dat
2014-09-10 23:16 - 2009-07-14 19:58 - 00154530 _____ () C:\windows\system32\perfc007.dat
2014-09-10 23:15 - 2009-07-14 07:13 - 01624388 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-10 23:14 - 2011-06-23 18:17 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 23:14 - 2011-06-23 18:15 - 00002155 _____ () C:\windows\epplauncher.mif
2014-09-10 23:13 - 2011-06-23 18:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 23:13 - 2011-06-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 23:11 - 2014-05-06 22:46 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-09 18:32 - 2014-09-05 15:52 - 00000000 ____D () C:\Users\Hyrican\Desktop\maps

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\winiml.dat

Some content of TEMP:
====================
C:\Users\Hyrican\AppData\Local\Temp\binary.exe
C:\Users\Hyrican\AppData\Local\Temp\GURB135.exe
C:\Users\Hyrican\AppData\Local\Temp\GURE187.exe
C:\Users\Hyrican\AppData\Local\Temp\GURF45C.exe
C:\Users\Hyrican\AppData\Local\Temp\Gw2.exe
C:\Users\Hyrican\AppData\Local\Temp\Nexus Mod Manager-0.52.3.exe
C:\Users\Hyrican\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.2.exe
C:\Users\Hyrican\AppData\Local\Temp\NGM.exe
C:\Users\Hyrican\AppData\Local\Temp\NGMSetup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 04:09

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Hyrican at 2014-10-08 11:32:20
Running from C:\Users\Hyrican\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
.sol Editor 1.1.0.1 (HKLM-x32\...\.sol Editor) (Version: 1.1.0.1 - alexisisaac.net) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Absolute Uninstaller 5.3.1.7 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.7 - Glarysoft Ltd) Ace of Spades (HKLM-x32\...\{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}) (Version: 0.75.015 - Ben Aksoy) Ace of Spades (HKLM-x32\...\Steam App 224540) (Version: - Jagex Limited) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader 9.5.3 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden AMD Fuel (Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.04.0000 - AMD) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) 
Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft) Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft) Assassin's Creed III: Deluxe Edition DLC (HKLM-x32\...\Deluxe Edition DLC_is1) (Version: 1.4 - Ubisoft) Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.01 - Ubisoft) Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft) ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden AVG 2012 (Version: 12.0.1809 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.1831 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.1834 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.1869 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.1872 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.1873 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.1890 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.1901 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.1913 - AVG Technologies) Hidden AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies) AVG 2014 (Version: 14.0.4037 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts) BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version: - ) BEETmobile (HKLM-x32\...\{AC843048-1628-421B-AEEB-F86FFAEBFA91}) 
(Version: 1.0.21.0 - BEETmobile AG) Belkin Wireless G USB Adapter Driver (HKLM-x32\...\{D593C72C-435B-4171-8106-9CA8AA34D716}) (Version: - Belkin) Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden BlueStacks Notification Center (HKLM-x32\...\{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}) (Version: 0.7.12.896 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.) BurnInTest v7.0 Standard (HKLM\...\BurnInTest_is1) (Version: 7.0 - Passmark Software) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
Ciuvo (HKLM-x32\...\{8DA04D15-6AB2-4E6F-95EB-E53B59F84001}) (Version: 1.3.668 - Ciuvo GmbH) Command & Conquer Die ersten 10 Jahre (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts) Command & Conquer™ Red Alert™ 3 - Deutsches Sprachpaket (HKLM-x32\...\Red Alert 3 German Language Pack) (Version: 1.0 - Thundermods.net) Command & Conquer™ Red Alert™ 3 (HKLM\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts) Command & Conquer™ Red Alert™ 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts) ContentMod2.4 (HKLM-x32\...\ContentMod_2.4) (Version: - ) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon) Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Creation Kit (HKLM-x32\...\Steam App 202480) (Version: - ) Crysis Wars(R) (HKLM-x32\...\Crysis Wars(R)) (Version: - Electronic Arts) Crysis Wars(R) (x32 Version: 1.0 - Crytek) Hidden Crysis Wars(R) Patch (HKLM-x32\...\Crysis Wars(R) Patch) (Version: - Electronic Arts) Crysis Wars(R) Patch (x32 Version: 1.0.5.0 - Crytek) Hidden Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.21.0000 - Electronic Arts) CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd) Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games) DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - Ihr Firmenname) Darkspore™ (HKLM-x32\...\{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}) (Version: 1.00.0000 - Electronic Arts) Dead 
Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Duke Nukem 3D (HKLM-x32\...\GOGPACKDUKE3D_is1) (Version: 2.0.0.85 - GOG.com) Duke3D (HKLM\...\{b5f456c9-720b-410c-8b24-59e92772053b}.sdb) (Version: - ) Earth Defense Force: Insect Armageddon (HKLM-x32\...\Steam App 23530) (Version: - ) EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media) EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs) Emulator Starter (HKCU\...\32bce9526e87661e) (Version: 1.0.0.141 - Free Game Empire) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Extreme Immersive Mod version 3.0.87 (HKLM-x32\...\{F135C9E0-3F24-42DD-B12B-8282B72A4D6F}_is1) (Version: 3.0.87 - CyberAlien) Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft) FEAR Extraction Point (HKLM-x32\...\{909BBDB7-BABE-434C-9124-863A9F8D1CF8}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.) FEARCombat (HKLM-x32\...\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.) FileZilla Client 3.8.0 (HKCU\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse) Free Realms (HKCU\...\SOE-Free Realms) (Version: - Sony Online Entertainment) Free YouTube Download version 3.2.26.224 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.26.224 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.3.610 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.3.610 - DVDVideoSoft Ltd.) 
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation) GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - ) GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Garry's Mod Manager (HKLM-x32\...\Garry's Mod Manager 8.10.0000) (Version: 8.10.0000 - Lansoftware) Garry's Mod Manager (x32 Version: 8.10.0000 - Lansoftware) Hidden GCFExplorer 1.5 (HKLM-x32\...\GCFExplorer_is1) (Version: - SASiO) GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.1 - ghost-mouse.com) Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Gothic (SCREENFUN-DVD November 2005) (HKLM-x32\...\Gothic_Screenfun) (Version: - ) Gothic 3 (HKLM-x32\...\{9F78DB3D-4F90-4A10-AD0A-85C271C88106}) (Version: 1.0.0 - JoWood) Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games) Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Grand Theft Auto Vice City (HKCU\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - ) Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games) Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden GTAIII (HKLM-x32\...\{92B94569-6683-4617-8C54-EB27A1B51B30}) (Version: - ) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) HP Photosmart C4700 All-in-One Driver 14.0 Rel. 
6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP) HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden IGG Web3D Player version 1.0.0.38 (HKCU\...\IGG Web3D Player_is1) (Version: 1.0.0.38 - IGG, Inc.) IM Lock (HKLM-x32\...\IMLock) (Version: - Comvigo, Inc.) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios) Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team) LBA Prequel Demo version 1.0 (HKLM-x32\...\LBA Prequel Demo_is1) (Version: 1.0 - ) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Little Big Adventure (HKLM-x32\...\Little Big Adventure) (Version: - ) Little Big Adventure for Windows 0.8.1 (HKLM-x32\...\{BAB1B719-79D5-4EC0-A41B-76E197F3BA44}_is1) (Version: - Adeline Software, Inc. & Sébastien Viannay) Livestream Procaster (HKLM-x32\...\{BD9B6C18-3739-4959-9854-3C97E2011E52}) (Version: 20.3.10 - Procaster) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) 
Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version: - BioWare) Mass Effect 2 DLC Unlocker (HKLM-x32\...\Mass Effect 2 DLC Unlocker_is1) (Version: 1.0 - EA Games) Media Go (HKLM-x32\...\{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}) (Version: 1.4.269 - Sony) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7320.0 - Microsoft Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE 
Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - 
Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 
(HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft XNA 
Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 13.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 13.0.1 (x86 de)) (Version: 13.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft) Need For Speed 2 SE 3Dfx Patch (HKLM\...\{7de963c9-aef2-4a49-85ae-a58f90ed295d}.sdb) (Version: - ) Need For Speed 2 SE Patch (HKLM\...\{cbe4920d-fc87-4c7e-a3e8-fa0eb7f874d2}.sdb) (Version: - ) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming) nGlide 1.02 (HKLM-x32\...\nGlide) (Version: 1.02 - Zeus Software) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation) Oblivion - Knights of the Nine 
(HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Mehrunes Razor (HKLM-x32\...\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Orrery (HKLM-x32\...\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Spell Tomes (HKLM-x32\...\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - The Fighter's Stronghold (HKLM-x32\...\{A0A20753-92DF-4631-82B4-9CACE2FCED6A}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks) Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) PlayFree Browser (HKCU\...\PlayFreeBrowser) (Version: 3.0.0.4 - MyPlayCity, Inc.) PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.02.00076 - Sony Computer Entertainment Inc.) PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 3.1.8.07881 - Sony Computer Entertainment Inc.) 
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors) Prince of Persia (HKLM-x32\...\Steam App 19980) (Version: - Ubisoft Montreal) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) ProxyCap (HKLM\...\{7CD321B6-3ACB-487E-BF95-5DE133DEE085}) (Version: 5.0.21 - Proxy Labs) ProxyChecker (remove only) (HKLM-x32\...\ProxyChecker) (Version: - ) PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.) puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) Quake II (HKLM-x32\...\Quake2UninstallKey) (Version: - ) Questpaket 4 Update 2 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.2.0.0 - Humanforce) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6278 - Realtek Semiconductor Corp.) 
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0150 - ) Red Faction (HKLM-x32\...\{47E6B460-04BA-4215-9F5D-3858BF920D07}) (Version: - ) Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group) ROBLOX Player for Hyrican (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) S4 League_EU (HKLM-x32\...\{3945321F-4817-4351-B960-FEF83F91AF68}) (Version: 1.00.0000 - ) Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) Saints Row The Third (HKLM-x32\...\Saints Row The Third_is1) (Version: - ) Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Scrapland (HKLM-x32\...\{A863F2EF-443D-429C-9DCD-9234BEB8142A}) (Version: 12 - DeepSilver) Shadow Warrior Classic (1997) (HKLM-x32\...\Steam App 238070) (Version: - 3D Realms) Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version: - Ironclad Games) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) 
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.3.201402131509 - Sony Mobile Communications AB) Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony) Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve) Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version: - ) SpellForce 2 Shadow Wars (HKLM-x32\...\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}) (Version: 1.0.0 - JoWood) StarForge Alpha (HKLM-x32\...\Steam App 227680) (Version: - CodeHatch) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) StencylWorks (HKLM-x32\...\StencylWorks) (Version: 1.0.0 - Stencyl, LLC) Surgeon Simulator (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight) The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden Toribash (HKLM-x32\...\Steam App 248570) (Version: - Nabi Studios) Trojan Remover 6.9.1.2931 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1.2931 - Simply Super Software) TuneUp Utilities 2011 (HKLM-x32\...\TuneUp Utilities 2011) (Version: 10.0.4500.49 - TuneUp Software) TuneUp Utilities 2011 (x32 Version: 10.0.4500.49 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4500.49 - TuneUp Software) Hidden Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unlocker 
1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Unreal Anthology (HKLM-x32\...\{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}) (Version: 1.00.0000 - Epic Games, Inc.) Unreal Tournament 3 - Community Bonus Pack 3 - Volume 1 (HKCU\...\UT3 CBP3 Vol 1) (Version: - ) Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3 (HKCU\...\UT3 CBP3 Vol 3) (Version: - ) Unreal Tournament 3 - Community Bonus Pack 3 - Volume 4 (HKCU\...\UT3 CBP3 Vol 4) (Version: - ) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) UT3 Domination (CBP Edition) (HKLM-x32\...\{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}) (Version: 3.1.0 - Brian 'Snake' Alexander) Vindictus EU (HKLM-x32\...\Vindictus EU) (Version: - ) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) WhoCrashed 4.00 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) 
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - 
Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH) WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. ) Wolfenstein (HKLM-x32\...\InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.0 - Activision) Wolfenstein (x32 Version: 1.0 - Activision) Hidden World of Padman 1.5 (HKLM-x32\...\World of Padman 1.5) (Version: 1.5 - Padworld Entertainment) XIII (HKLM-x32\...\{42BC0474-6E50-464A-8183-5E3D32E41B1B}) (Version: 1.00.000 - ) Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3411245652-3336226874-965968342-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3411245652-3336226874-965968342-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3411245652-3336226874-965968342-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3411245652-3336226874-965968342-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3411245652-3336226874-965968342-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3411245652-3336226874-965968342-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1A09C334-E3B3-4E19-8869-EAA300605C48} - System32\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000Core => C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2014-05-12] (MyPlayCity, Inc.)
Task: {1A5F0ED9-22A3-480D-92B6-4ACCF7D26461} - System32\Tasks\Znixo => Rundll32.exe "C:\windows\SysWOW64\efsutil7.dll",SNEANDV
Task: {2BC5331F-EBFC-4F60-BAFE-8350FE483F51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)
Task: {31E97DF2-EFF3-4C10-B352-6B4ECAF57DD0} - System32\Tasks\BEETmobile => C:\Program Files (x86)\BEETmobile\BEETmobile.exe
Task: {413C5769-1902-43C6-ADF8-6AF1A2B7B618} - System32\Tasks\{264A2F3C-E388-4D00-85B3-8FBAA52A1392} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {4304B14F-ED75-4BB3-8127-9ACA3AE1617B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-08] (TuneUp Software)
Task: {5F822A92-B2FE-4120-BB02-C353E0D4AA58} - System32\Tasks\{343DBD4D-F1CB-43C8-8F36-9B7DC9ED9E79} => J:\avm_fritz!wlan_usb_stick_x64_build_100906.exe
Task: {63703341-5C28-4A10-B3D0-E6CEB3E76AB8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7F3A49E6-C09B-41D5-A030-83AB1379A437} - System32\Tasks\{339070C0-4C71-4E35-9343-5F074ADDDDE8} => J:\avm_fritz!wlan_usb_stick_x64_build_100906.exe
Task: {9437EFDF-5F94-4043-A214-40CDF34C1955} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {A1D6DBB7-3B3A-462F-8B64-0DFFE020DB0C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-02] (Adobe Systems Incorporated)
Task: {B8E338E2-6942-415C-810F-BC76A9A5F0F0} - System32\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000UA => C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2014-05-12] (MyPlayCity, Inc.)
Task: {D5BB3F24-3A57-4340-BF68-1C6294ACC34A} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{7308ECF7-74A9-4FBF-90C7-B61B307539C9}.exe
Task: {D5D84D43-8BED-4639-B6EE-8560AD8FD523} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)
Task: {F92B858B-46B0-4D08-B4F3-823B61E141F6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{7308ECF7-74A9-4FBF-90C7-B61B307539C9}.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000Core.job => C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe
Task: C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000UA.job => C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe
Task: C:\windows\Tasks\Znixo.job => ?

==================== Loaded Modules (whitelisted) =============
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-09-25 16:11 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 16:11 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 16:11 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2012-06-14 18:50 - 2012-06-15 03:02 - 01977312 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2011-04-03 15:59 - 2012-06-15 03:02 - 00162784 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2011-04-03 15:59 - 2012-06-15 03:02 - 00021984 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:76650B61
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\Users\Hyrican\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Hyrican\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-3411245652-3336226874-965968342-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3411245652-3336226874-965968342-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3411245652-3336226874-965968342-1011 - Limited - Enabled)
Hyrican (S-1-5-21-3411245652-3336226874-965968342-1000 - Administrator - Enabled) => C:\Users\Hyrican

==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 04:02:34 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (10/07/2014 04:02:34 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (10/07/2014 04:02:34 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (10/06/2014 04:38:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (10/06/2014 04:38:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (10/06/2014 04:38:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (10/06/2014 11:18:08 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (10/06/2014 11:14:27 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/06/2014 11:14:27 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/06/2014 11:14:27 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (10/08/2014 11:30:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/08/2014 11:30:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/08/2014 11:30:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/08/2014 11:28:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/08/2014 11:28:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/08/2014 11:28:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/08/2014 11:27:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/08/2014 11:27:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/08/2014 11:27:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der
Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/08/2014 11:26:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (10/07/2014 04:02:34 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Eap method DLL path name43900 Error: (10/07/2014 04:02:34 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Eap method DLL path name25900 Error: (10/07/2014 04:02:34 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Eap method DLL path name17900 Error: (10/06/2014 04:38:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Eap method DLL path name43900 Error: (10/06/2014 04:38:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Eap method DLL path name25900 Error: (10/06/2014 04:38:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Eap method DLL path name17900 Error: (10/06/2014 11:18:08 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error: (10/06/2014 11:14:27 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (10/06/2014 11:14:27 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (10/06/2014 11:14:27 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) ==================== Memory info =========================== Processor: AMD Phenom(tm) II X4 955 Processor Percentage of memory in use: 16% Total physical RAM: 8188.16 MB Available physical RAM: 6816.1 MB Total Pagefile: 16374.49 MB Available Pagefile: 15034.47 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:923.02 GB) (Free:236.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ACBE1DE9) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=923 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=8 GB) - (Type=27) ==================== End Of Log ============================ |
08.10.2014, 11:25 | #2 |
/// the machine /// TB trainer | Trojan slows down PC / various antivirus scans have not helped
Hi,
if possible, please run everything in normal mode. Scan with Combofix |
08.10.2014, 23:26 | #3 |
| Trojan slows down PC / various antivirus scans have not helped
Normal mode will be difficult; as I said, it takes about 1 hour to start, and there is no guarantee that I can launch the program. I could try it, but safe mode is running so well again right now that I will do the scan in safe mode first.
Here are the logs Code:
ATTFilter ComboFix 14-10-04.01 - Hyrican 08.10.2014 12:46:03.1.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8188.7124 [GMT 2:00] ausgeführt von:: c:\users\Hyrican\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\53de5335-0052-4b69-b8fc-16ce87320f19.ico c:\users\Hyrican\AppData\Local\assembly\tmp c:\users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\eolaihphklpfbofmnobenghdgjdibnco c:\users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eolaihphklpfbofmnobenghdgjdibnco_0.localstorage-journal c:\users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eolaihphklpfbofmnobenghdgjdibnco_0.localstorage c:\users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Hyrican\AppData\Roaming\.# c:\users\Hyrican\AppData\Roaming\Hyrican3SQLite3.dll c:\users\Hyrican\AppData\Roaming\Hyricanlog.dat c:\users\Hyrican\AppData\Roaming\Love c:\users\Hyrican\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-1.txt c:\users\Hyrican\AppData\Roaming\Love\mari0\options.txt c:\users\Hyrican\AppData\Roaming\Microsoft\Windows\Recent\desktop_60493678.ico c:\users\Hyrican\AppData\Roaming\Windir c:\windows\IsUn0407.exe c:\windows\SysWow64\ChilkatMail_v7_9.dll c:\windows\SysWow64\SET2214.tmp c:\windows\SysWow64\SET238D.tmp 
c:\windows\SysWow64\SET2B42.tmp c:\windows\SysWow64\SET3ADE.tmp c:\windows\SysWow64\SET5A53.tmp c:\windows\SysWow64\SET5AF1.tmp c:\windows\SysWow64\tmp8D50.tmp c:\windows\SysWow64\tmp8D51.tmp c:\windows\SysWow64\updater.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-08 bis 2014-10-08 )))))))))))))))))))))))))))))) . . 2074-05-18 15:44 . 2008-03-21 12:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll 2014-10-08 11:13 . 2014-10-08 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-08 11:13 . 2014-10-08 11:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-10-08 09:25 . 2014-10-08 09:32 -------- d-----w- C:\FRST 2014-10-07 15:52 . 2014-10-07 15:52 -------- d-----w- c:\program files\CCleaner 2014-10-07 13:18 . 2014-10-07 13:18 -------- d-----w- c:\programdata\Licenses 2014-10-07 13:17 . 2014-10-07 13:17 -------- d-----w- c:\users\Hyrican\AppData\Roaming\Simply Super Software 2014-10-07 13:16 . 2014-10-07 13:17 -------- d-----w- c:\program files (x86)\Trojan Remover 2014-10-07 13:16 . 2014-10-07 13:16 -------- d-----w- c:\programdata\Simply Super Software 2014-10-07 13:03 . 2014-10-07 13:03 -------- d-----w- c:\program files (x86)\ESET 2014-10-07 12:48 . 2014-10-07 12:48 -------- d-----w- c:\program files (x86)\CrystalDiskInfo 2014-10-06 19:06 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-10-06 19:00 . 2014-10-07 10:55 -------- d-----w- C:\AdwCleaner 2014-10-05 15:04 . 2014-10-08 09:59 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-10-05 15:02 . 2014-10-06 10:30 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-10-05 15:02 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-10-05 15:02 . 2014-10-05 15:02 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-10-04 12:50 . 2014-10-05 10:45 -------- d-----w- c:\program files (x86)\JDownloader 2014-10-04 10:00 . 
2014-10-04 10:07 -------- d-----w- c:\program files (x86)\3DO 2014-10-03 18:23 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFA00A0E-153E-444C-9A69-D4B45113F55E}\mpengine.dll 2014-10-02 18:04 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-10-01 14:07 . 2014-09-17 14:34 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDE2E586-2B0E-4ABB-8729-AC5FCAE8189E}\gapaengine.dll 2014-10-01 14:04 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-10-01 14:04 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-26 17:49 . 2014-09-26 17:49 -------- d-----w- C:\Quake2 2014-09-26 17:47 . 1997-08-26 10:06 315904 ----a-w- c:\windows\IsUninst.exe 2014-09-25 16:31 . 2014-10-05 10:45 -------- d-----w- c:\program files (x86)\Guild Wars 2 2014-09-25 16:30 . 2014-09-25 16:31 -------- d-----w- c:\users\Hyrican\AppData\Roaming\Guild Wars 2 2014-09-24 19:18 . 2014-09-25 14:11 -------- d-----w- c:\users\Hyrican\AppData\Local\CSO 2014-09-24 13:26 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-24 13:26 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-21 11:10 . 2014-09-27 20:49 -------- d-----w- c:\users\Hyrican\AppData\Roaming\OBS 2014-09-21 11:10 . 2014-09-21 11:10 -------- d-----w- c:\program files\OBS 2014-09-21 11:10 . 2014-09-21 11:10 -------- d-----w- c:\program files (x86)\OBS 2014-09-20 08:15 . 2014-09-20 08:15 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-09-10 21:12 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-10 21:12 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2014-09-10 14:19 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-10 14:19 . 
2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-09-10 14:18 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-10 14:18 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-09-10 14:18 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-10 14:18 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-09-10 14:18 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-09-10 14:16 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll 2014-09-10 14:16 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-24 15:16 . 2012-04-01 08:18 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-24 15:16 . 2011-05-16 13:37 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-22 06:42 . 2011-01-18 12:24 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-17 14:34 . 2012-06-13 12:39 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-08-30 22:06 . 2010-06-24 10:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-23 02:07 . 2014-08-28 09:42 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 09:42 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-23 00:59 . 2014-08-28 09:42 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-11 19:22 . 2012-09-04 14:39 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2014-08-06 09:25 . 2014-08-06 09:24 291496 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-08-06 09:24 . 2011-07-03 12:10 291496 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-08-06 09:24 . 2014-08-06 09:24 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2014-08-06 08:50 . 
2014-08-06 08:50 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-08-04 19:04 . 2013-07-14 17:18 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll 2014-07-31 23:41 . 2014-08-14 17:07 348856 ----a-w- c:\windows\system32\iedkcs32.dll 2014-07-26 22:44 . 2012-07-24 00:20 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll 2014-07-25 14:52 . 2014-08-14 17:07 23645696 ----a-w- c:\windows\system32\mshtml.dll 2014-07-25 14:02 . 2014-08-14 17:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-07-25 14:01 . 2014-08-14 17:07 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-07-25 13:30 . 2014-08-14 17:07 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-07-25 13:28 . 2014-08-14 17:08 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-07-25 13:28 . 2014-08-14 17:07 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-07-25 13:25 . 2014-08-14 17:07 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-07-25 13:25 . 2014-08-14 17:07 2774528 ----a-w- c:\windows\system32\iertutil.dll 2014-07-25 13:11 . 2014-08-14 17:07 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-07-25 13:10 . 2014-08-14 17:07 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-07-25 13:04 . 2014-08-14 17:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-07-25 13:03 . 2014-08-14 17:07 598016 ----a-w- c:\windows\system32\ieui.dll 2014-07-25 13:00 . 2014-08-14 17:07 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-07-25 13:00 . 2014-08-14 17:07 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-07-25 12:59 . 2014-08-14 17:07 758272 ----a-w- c:\windows\system32\jscript9diag.dll 2014-07-25 12:47 . 2014-08-14 17:07 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-07-25 12:40 . 2014-08-14 17:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2014-07-25 12:34 . 2014-08-14 17:07 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-07-25 12:34 . 
2014-08-14 17:07 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-07-25 12:33 . 2014-08-14 17:08 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-07-25 12:30 . 2014-08-14 17:07 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-07-25 12:28 . 2014-08-14 17:07 5824512 ----a-w- c:\windows\system32\jscript9.dll 2014-07-25 12:28 . 2014-08-14 17:08 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-07-25 12:19 . 2014-08-14 17:07 195584 ----a-w- c:\windows\system32\msrating.dll 2014-07-25 12:17 . 2014-08-14 17:07 85504 ----a-w- c:\windows\system32\mshtmled.dll 2014-07-25 12:10 . 2014-08-14 17:07 292864 ----a-w- c:\windows\system32\dxtrans.dll 2014-07-25 12:10 . 2014-08-14 17:07 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-07-25 12:08 . 2014-08-14 17:08 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-07-25 12:06 . 2014-08-14 17:07 4204032 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-07-25 11:47 . 2014-08-14 17:07 631808 ----a-w- c:\windows\system32\msfeeds.dll 2014-07-25 11:43 . 2014-08-14 17:08 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-07-25 11:42 . 2014-08-14 17:07 692736 ----a-w- c:\windows\system32\ie4uinit.exe 2014-07-25 11:39 . 2014-08-14 17:07 2087936 ----a-w- c:\windows\system32\inetcpl.cpl 2014-07-25 11:39 . 2014-08-14 17:07 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-07-25 11:23 . 2014-08-14 17:07 13547008 ----a-w- c:\windows\system32\ieframe.dll 2014-07-25 11:07 . 2014-08-14 17:07 2001920 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-07-25 11:07 . 2014-08-14 17:07 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-07-25 10:52 . 2014-08-14 17:07 2266624 ----a-w- c:\windows\system32\wininet.dll 2014-07-25 10:26 . 2014-08-14 17:07 1431040 ----a-w- c:\windows\system32\urlmon.dll 2014-07-25 10:17 . 2014-08-14 17:07 846336 ----a-w- c:\windows\system32\ieapfltr.dll 2014-07-25 10:05 . 
2014-08-14 17:07 1792512 ----a-w- c:\windows\SysWow64\wininet.dll 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-21 19:03 . 2014-07-21 19:03 244504 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2014-07-17 16:05 . 2014-07-17 16:05 269008 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2014-07-17 16:05 . 2010-10-24 19:25 125584 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-07-14 02:02 . 2014-08-14 16:29 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-07-14 01:40 . 2014-08-14 16:29 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-07-11 00:08 . 2011-01-18 12:24 96441528 ----a-w- c:\windows\system32\MRT.exe 2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-09-23 1938112] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-25 393216] "puush"="c:\program files (x86)\puush\update\puush.exe" [2013-08-21 567880] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336] "Akamai NetSession Interface"="c:\users\Hyrican\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920] "MPCBrowser Update"="c:\users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe" [2014-05-12 120256] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-09-04 3802448] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2014-10-07 1666432] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ IML.lnk - c:\windows\System32\iml.vbs [2010-5-21 4472] IML64.lnk - c:\windows\SysWOW64\iml.vbs [2010-5-21 4472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] R1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI 
Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [x] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 
2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x] R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 CEDRIVER60;CEDRIVER60;c:\program files (x86)\Cheat Engine 6.2\dbk64.sys;c:\program files (x86)\Cheat Engine 6.2\dbk64.sys [x] R3 cpuz130;cpuz130;c:\users\Hyrican\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Hyrican\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 npggsvc;nProtect GameGuard 
Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 X6va003;X6va003;c:\users\Hyrican\AppData\Local\Temp\00365D7.tmp;c:\users\Hyrican\AppData\Local\Temp\00365D7.tmp [x] R3 X6va005;X6va005;c:\users\Hyrican\AppData\Local\Temp\0056ECB.tmp;c:\users\Hyrican\AppData\Local\Temp\0056ECB.tmp [x] R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x] R4 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows 
Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 14:04 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:17] . 2014-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 15:00] . 
2014-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 15:00] . 2014-10-05 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000Core.job - c:\users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2014-05-12 13:20] . 2014-10-07 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000UA.job - c:\users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2014-05-12 13:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm Trusted Zone: aeriagames.com TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{793AB8D4-1BA8-44D9-87EB-EB7B65A9F5F2}: NameServer = 192.168.1.1,194.25.2.129 TCP: Interfaces\{F95EEA27-CE0A-4120-B2B7-19FEBB9FBA95}: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{F95EEA27-CE0A-4120-B2B7-19FEBB9FBA95}\25F65747566363: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{F95EEA27-CE0A-4120-B2B7-19FEBB9FBA95}\84F6D656F5548545: DhcpNameServer = 192.168.1.250 FF - ProfilePath - c:\users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\ FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: !HIDDEN! 
2012-01-16 15:02; avg@toolbar; c:\programdata\AVG Secure Search\8.0.0.40 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{8DA04D15-6AB2-4E6F-95EB-E53B59F84001} - (no file) Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-IMLock - c:\windows\System32\tnblf.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-PlayFreeBrowser - c:\users\Hyrican\AppData\Local\PlayFree Browser\Application\3.0.0.4\Installer\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va003] "ImagePath"="\??\c:\users\Hyrican\AppData\Local\Temp\00365D7.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va005] "ImagePath"="\??\c:\users\Hyrican\AppData\Local\Temp\0056ECB.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va012] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem)
. [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:93,d3,78,41,3a,26,cd,01 . [HKEY_USERS\S-1-5-21-3411245652-3336226874-965968342-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:9c,74,78,c7,0d,64,07,96,71,e4,b9,4a,9c,31,73,57,36,4f,ef,0a,d5,42,7b, 81,bb,4d,75,27,11,db,0c,89,f7,04,e4,85,3a,df,60,1e,45,a3,79,2b,5e,23,23,79,\ "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f . [HKEY_USERS\S-1-5-21-3411245652-3336226874-965968342-1000\Software\SecuROM\License information*] "datasecu"=hex:31,1c,d4,b1,01,ff,63,0e,be,3a,ee,50,11,56,dc,db,99,28,c9,74,02, 55,01,3b,0f,79,dc,0d,ba,22,44,a7,52,67,9b,f2,a2,c1,fe,a9,90,3f,39,45,67,f4,\ "rkeysecu"=hex:95,86,77,47,23,19,4b,69,20,36,f1,b6,bb,24,2e,2f . [HKEY_LOCAL_MACHINE\software\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-10-08 13:20:27 ComboFix-quarantined-files.txt 2014-10-08 11:20 . Vor Suchlauf: 19 Verzeichnis(se), 253.377.515.520 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 257.516.109.824 Bytes frei . - - End Of File - - 0773CE9EB0E3400324E661AF32E0EB48 A36C5E4F47E84449FF07ED3517B43A31 Code:
ComboFix 14-10-04.01 - Hyrican 08.10.2014 23:17:10.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8188.6297 [GMT 2:00] ausgeführt von:: c:\users\Hyrican\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-08 bis 2014-10-08 )))))))))))))))))))))))))))))) . . 2074-05-18 15:44 . 2008-03-21 12:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll 2014-10-08 21:57 . 2014-10-08 21:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-08 21:57 . 2014-10-08 21:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-10-08 09:25 . 2014-10-08 09:32 -------- d-----w- C:\FRST 2014-10-07 15:52 . 2014-10-07 15:52 -------- d-----w- c:\program files\CCleaner 2014-10-07 13:18 . 2014-10-07 13:18 -------- d-----w- c:\programdata\Licenses 2014-10-07 13:17 . 2014-10-07 13:17 -------- d-----w- c:\users\Hyrican\AppData\Roaming\Simply Super Software 2014-10-07 13:16 . 2014-10-07 13:17 -------- d-----w- c:\program files (x86)\Trojan Remover 2014-10-07 13:16 . 2014-10-07 13:16 -------- d-----w- c:\programdata\Simply Super Software 2014-10-07 13:03 . 2014-10-07 13:03 -------- d-----w- c:\program files (x86)\ESET 2014-10-07 12:48 . 2014-10-07 12:48 -------- d-----w- c:\program files (x86)\CrystalDiskInfo 2014-10-06 19:06 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-10-06 19:00 . 2014-10-07 10:55 -------- d-----w- C:\AdwCleaner 2014-10-05 15:04 . 
2014-10-08 09:59 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-10-05 15:02 . 2014-10-06 10:30 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-10-05 15:02 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-10-05 15:02 . 2014-10-05 15:02 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-10-04 12:50 . 2014-10-05 10:45 -------- d-----w- c:\program files (x86)\JDownloader 2014-10-04 10:00 . 2014-10-04 10:07 -------- d-----w- c:\program files (x86)\3DO 2014-10-03 18:23 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFA00A0E-153E-444C-9A69-D4B45113F55E}\mpengine.dll 2014-10-02 18:04 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-10-01 14:07 . 2014-09-17 14:34 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDE2E586-2B0E-4ABB-8729-AC5FCAE8189E}\gapaengine.dll 2014-10-01 14:04 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-10-01 14:04 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-26 17:49 . 2014-09-26 17:49 -------- d-----w- C:\Quake2 2014-09-26 17:47 . 1997-08-26 10:06 315904 ----a-w- c:\windows\IsUninst.exe 2014-09-25 16:31 . 2014-10-05 10:45 -------- d-----w- c:\program files (x86)\Guild Wars 2 2014-09-25 16:30 . 2014-09-25 16:31 -------- d-----w- c:\users\Hyrican\AppData\Roaming\Guild Wars 2 2014-09-24 19:18 . 2014-09-25 14:11 -------- d-----w- c:\users\Hyrican\AppData\Local\CSO 2014-09-24 13:26 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-24 13:26 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-21 11:10 . 2014-09-27 20:49 -------- d-----w- c:\users\Hyrican\AppData\Roaming\OBS 2014-09-21 11:10 . 2014-09-21 11:10 -------- d-----w- c:\program files\OBS 2014-09-21 11:10 . 
2014-09-21 11:10 -------- d-----w- c:\program files (x86)\OBS 2014-09-20 08:15 . 2014-09-20 08:15 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-09-10 21:12 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-10 21:12 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2014-09-10 14:19 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-10 14:19 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-09-10 14:18 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-10 14:18 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-09-10 14:18 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-10 14:18 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-09-10 14:18 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-09-10 14:16 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll 2014-09-10 14:16 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-24 15:16 . 2012-04-01 08:18 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-24 15:16 . 2011-05-16 13:37 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-22 06:42 . 2011-01-18 12:24 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-17 14:34 . 2012-06-13 12:39 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-08-30 22:06 . 2010-06-24 10:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-23 02:07 . 2014-08-28 09:42 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 09:42 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-23 00:59 . 
2014-08-28 09:42 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-11 19:22 . 2012-09-04 14:39 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2014-08-06 09:25 . 2014-08-06 09:24 291496 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-08-06 09:24 . 2011-07-03 12:10 291496 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-08-06 09:24 . 2014-08-06 09:24 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2014-08-06 08:50 . 2014-08-06 08:50 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-08-04 19:04 . 2013-07-14 17:18 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll 2014-07-31 23:41 . 2014-08-14 17:07 348856 ----a-w- c:\windows\system32\iedkcs32.dll 2014-07-26 22:44 . 2012-07-24 00:20 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll 2014-07-25 14:52 . 2014-08-14 17:07 23645696 ----a-w- c:\windows\system32\mshtml.dll 2014-07-25 14:02 . 2014-08-14 17:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-07-25 14:01 . 2014-08-14 17:07 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-07-25 13:30 . 2014-08-14 17:07 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-07-25 13:28 . 2014-08-14 17:08 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-07-25 13:28 . 2014-08-14 17:07 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-07-25 13:25 . 2014-08-14 17:07 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-07-25 13:25 . 2014-08-14 17:07 2774528 ----a-w- c:\windows\system32\iertutil.dll 2014-07-25 13:11 . 2014-08-14 17:07 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-07-25 13:10 . 2014-08-14 17:07 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-07-25 13:04 . 2014-08-14 17:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-07-25 13:03 . 2014-08-14 17:07 598016 ----a-w- c:\windows\system32\ieui.dll 2014-07-25 13:00 . 2014-08-14 17:07 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-07-25 13:00 . 
2014-08-14 17:07 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-07-25 12:59 . 2014-08-14 17:07 758272 ----a-w- c:\windows\system32\jscript9diag.dll 2014-07-25 12:47 . 2014-08-14 17:07 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-07-25 12:40 . 2014-08-14 17:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2014-07-25 12:34 . 2014-08-14 17:07 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-07-25 12:34 . 2014-08-14 17:07 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-07-25 12:33 . 2014-08-14 17:08 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-07-25 12:30 . 2014-08-14 17:07 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-07-25 12:28 . 2014-08-14 17:07 5824512 ----a-w- c:\windows\system32\jscript9.dll 2014-07-25 12:28 . 2014-08-14 17:08 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-07-25 12:19 . 2014-08-14 17:07 195584 ----a-w- c:\windows\system32\msrating.dll 2014-07-25 12:17 . 2014-08-14 17:07 85504 ----a-w- c:\windows\system32\mshtmled.dll 2014-07-25 12:10 . 2014-08-14 17:07 292864 ----a-w- c:\windows\system32\dxtrans.dll 2014-07-25 12:10 . 2014-08-14 17:07 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-07-25 12:08 . 2014-08-14 17:08 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-07-25 12:06 . 2014-08-14 17:07 4204032 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-07-25 11:47 . 2014-08-14 17:07 631808 ----a-w- c:\windows\system32\msfeeds.dll 2014-07-25 11:43 . 2014-08-14 17:08 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-07-25 11:42 . 2014-08-14 17:07 692736 ----a-w- c:\windows\system32\ie4uinit.exe 2014-07-25 11:39 . 2014-08-14 17:07 2087936 ----a-w- c:\windows\system32\inetcpl.cpl 2014-07-25 11:39 . 2014-08-14 17:07 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-07-25 11:23 . 2014-08-14 17:07 13547008 ----a-w- c:\windows\system32\ieframe.dll 2014-07-25 11:07 . 
2014-08-14 17:07 2001920 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-07-25 11:07 . 2014-08-14 17:07 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-07-25 10:52 . 2014-08-14 17:07 2266624 ----a-w- c:\windows\system32\wininet.dll 2014-07-25 10:26 . 2014-08-14 17:07 1431040 ----a-w- c:\windows\system32\urlmon.dll 2014-07-25 10:17 . 2014-08-14 17:07 846336 ----a-w- c:\windows\system32\ieapfltr.dll 2014-07-25 10:05 . 2014-08-14 17:07 1792512 ----a-w- c:\windows\SysWow64\wininet.dll 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-21 19:03 . 2014-07-21 19:03 244504 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2014-07-17 16:05 . 2014-07-17 16:05 269008 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2014-07-17 16:05 . 2010-10-24 19:25 125584 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-07-14 02:02 . 2014-08-14 16:29 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-07-14 01:40 . 2014-08-14 16:29 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-07-11 00:08 . 2011-01-18 12:24 96441528 ----a-w- c:\windows\system32\MRT.exe 2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-25 393216] "Akamai NetSession Interface"="c:\users\Hyrican\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ IML.lnk - c:\windows\System32\iml.vbs [2010-5-21 4472] IML64.lnk - c:\windows\SysWOW64\iml.vbs [2010-5-21 4472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] R3 CEDRIVER60;CEDRIVER60;c:\program files (x86)\Cheat Engine 6.2\dbk64.sys;c:\program files (x86)\Cheat Engine 6.2\dbk64.sys [x] R3 cpuz130;cpuz130;c:\users\Hyrican\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Hyrican\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 FWLANUSB;AVM 
FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 X6va003;X6va003;c:\users\Hyrican\AppData\Local\Temp\00365D7.tmp;c:\users\Hyrican\AppData\Local\Temp\00365D7.tmp [x] R3 
X6va005;X6va005;c:\users\Hyrican\AppData\Local\Temp\0056ECB.tmp;c:\users\Hyrican\AppData\Local\Temp\0056ECB.tmp [x] R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x] R4 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R4 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [x] R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus 
Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x] S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 
Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 14:04 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:17] . 2014-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 15:00] . 2014-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 15:00] . 2014-10-05 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000Core.job - c:\users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2014-05-12 13:20] . 2014-10-08 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000UA.job - c:\users\Hyrican\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2014-05-12 13:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288] . 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm Trusted Zone: aeriagames.com TCP: Interfaces\{793AB8D4-1BA8-44D9-87EB-EB7B65A9F5F2}: NameServer = 192.168.1.1,194.25.2.129 TCP: Interfaces\{F95EEA27-CE0A-4120-B2B7-19FEBB9FBA95}: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{F95EEA27-CE0A-4120-B2B7-19FEBB9FBA95}\25F65747566363: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{F95EEA27-CE0A-4120-B2B7-19FEBB9FBA95}\84F6D656F5548545: DhcpNameServer = 192.168.1.250 FF - ProfilePath - c:\users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\ FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: !HIDDEN! 2012-01-16 15:02; avg@toolbar; c:\programdata\AVG Secure Search\8.0.0.40 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{8DA04D15-6AB2-4E6F-95EB-E53B59F84001} - (no file) Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-IMLock - c:\windows\System32\tnblf.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va003] "ImagePath"="\??\c:\users\Hyrican\AppData\Local\Temp\00365D7.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va005] "ImagePath"="\??\c:\users\Hyrican\AppData\Local\Temp\0056ECB.tmp" . 
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va012] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}"=hex:51,66,7a,6c,4c,1d,38,12,45,d4,f9, 60,e6,b1,6f,0b,d5,2c,0f,31,63,03,37,f0 "{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea, 34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89 "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b, 9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8 "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff, 2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b, 68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{8DA04D15-6AB2-4E6F-95EB-E53B59F84001}"=hex:51,66,7a,6c,4c,1d,38,12,7b,4e,b3, 89,80,24,01,0b,ea,fd,a6,7b,5c,a6,04,15 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}"=hex:51,66,7a,6c,4c,1d,38,12,3a,a3,f7, fd,83,a7,ad,0e,fc,b5,35,e1,ab,2d,25,64 "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1, 93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a "{0F91EBF4-258C-4CF9-84B0-019450E34EBC}"=hex:51,66,7a,6c,4c,1d,38,12,9a,e8,82, 0b,be,6b,97,09,fb,a6,42,d4,55,bd,0a,a8 "{E79F7769-293C-4C64-AC46-50A087D976C0}"=hex:51,66,7a,6c,4c,1d,38,12,07,74,8c, e3,0e,67,0a,09,d3,50,13,e0,82,87,32,d4 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:93,d3,78,41,3a,26,cd,01 . [HKEY_USERS\S-1-5-21-3411245652-3336226874-965968342-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:9c,74,78,c7,0d,64,07,96,71,e4,b9,4a,9c,31,73,57,36,4f,ef,0a,d5,42,7b, 81,bb,4d,75,27,11,db,0c,89,f7,04,e4,85,3a,df,60,1e,45,a3,79,2b,5e,23,23,79,\ "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f . [HKEY_USERS\S-1-5-21-3411245652-3336226874-965968342-1000\Software\SecuROM\License information*] "datasecu"=hex:31,1c,d4,b1,01,ff,63,0e,be,3a,ee,50,11,56,dc,db,99,28,c9,74,02, 55,01,3b,0f,79,dc,0d,ba,22,44,a7,52,67,9b,f2,a2,c1,fe,a9,90,3f,39,45,67,f4,\ "rkeysecu"=hex:95,86,77,47,23,19,4b,69,20,36,f1,b6,bb,24,2e,2f . [HKEY_LOCAL_MACHINE\software\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-10-09 00:08:17 ComboFix-quarantined-files.txt 2014-10-08 22:08 ComboFix2.txt 2014-10-08 17:22 ComboFix3.txt 2014-10-08 11:20 . Vor Suchlauf: 24 Verzeichnis(se), 255.535.472.640 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 255.386.628.096 Bytes frei . - - End Of File - - BE0E82E32E4E153229FF33572C044E4A A36C5E4F47E84449FF07ED3517B43A31
Last edited by DeadCorpse (08.10.2014 at 12:36) |
09.10.2014, 19:54 | #4 |
/// the machine /// TB Trainer | Trojan slows down PC / various antivirus scans did not help
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
10.10.2014, 17:40 | #5 |
| Trojan slows down PC / various antivirus scans did not help
The MBAM log is a few days older because I had already run a scan; the current one found nothing further. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.10.2014 Suchlauf-Zeit: 14:01:22 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.10.06.03 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Hyrican Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 377282 Verstrichene Zeit: 1 Std, 56 Min, 31 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 105 PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [b9c25db4d6a634024dc76868bb4741bf], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [b9c25db4d6a634024dc76868bb4741bf], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [b9c25db4d6a634024dc76868bb4741bf], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [b9c25db4d6a634024dc76868bb4741bf], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}, In Quarantäne, [99e2f8196d0f34027b9824ac9f6330d0], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [99e2f8196d0f34027b9824ac9f6330d0], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [99e2f8196d0f34027b9824ac9f6330d0], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc, In Quarantäne, 
[99e2f8196d0f34027b9824ac9f6330d0], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [99e2f8196d0f34027b9824ac9f6330d0], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}, In Quarantäne, [7209f41d4b314aec0512d5fb57abe818], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, In Quarantäne, [7209f41d4b314aec0512d5fb57abe818], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, In Quarantäne, [7209f41d4b314aec0512d5fb57abe818], PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E155F23C-9931-47c6-A619-20E6FCA86D75}, In Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.WebCheck.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F905535E-9C87-4a3f-8A3E-4E3B54C461C5}, In Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F905535E-9C87-4a3f-8A3E-4E3B54C461C5}, In Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.WebCheck.A, HKLM\SOFTWARE\CLASSES\GutscheinCodes.GutscheinCodesBHO, In Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.WebCheck.A, HKLM\SOFTWARE\CLASSES\GutscheinCodes.GutscheinCodesBHO.1, In Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GutscheinCodes.GutscheinCodesBHO, In Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GutscheinCodes.GutscheinCodesBHO.1, In Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.WebCheck.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In 
Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.WebCheck.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [de9d36dbc6b6b2843c5ceaab8e740df3], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers.1, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKU\S-1-5-21-3411245652-3336226874-965968342-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.Yontoo.A, HKU\S-1-5-21-3411245652-3336226874-965968342-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [007bea2789f374c29f461284996940c0], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, 
HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BFE569F7-646C-4512-969B-9BE3E580D393}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, 
[d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BFE569F7-646C-4512-969B-9BE3E580D393}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, 
[d5a6f41d215b7fb73ed7a62a7c86629e], PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [c1ba8b86cbb1191d307debafda289b65], PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [c1ba8b86cbb1191d307debafda289b65], PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [c1ba8b86cbb1191d307debafda289b65], PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [c1ba8b86cbb1191d307debafda289b65], PUP.Optional.Babylon.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [ceadb958dd9f3df9576775204cb6be42], PUP.Optional.Babylon.A, HKU\S-1-5-21-3411245652-3336226874-965968342-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, In Quarantäne, [ceadb958dd9f3df9576775204cb6be42], PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [c4b7759c05774aec1e88f1e159a94bb5], PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3411245652-3336226874-965968342-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [c4b7759c05774aec1e88f1e159a94bb5], PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [c4b7759c05774aec1e88f1e159a94bb5], PUP.Optional.ConduitTB.A, 
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, In Quarantäne, [1665c051c6b63df9e68d0e8a1de559a7], PUP.Optional.ConduitTB.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, In Quarantäne, [1665c051c6b63df9e68d0e8a1de559a7], PUP.Optional.ConduitTB.A, HKU\S-1-5-21-3411245652-3336226874-965968342-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, In Quarantäne, [1665c051c6b63df9e68d0e8a1de559a7], PUP.Optional.ConduitTB.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, In Quarantäne, [1665c051c6b63df9e68d0e8a1de559a7], PUP.Optional.ConduitTB.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, In Quarantäne, [1665c051c6b63df9e68d0e8a1de559a7], PUP.Optional.ConduitTB.A, HKU\S-1-5-21-3411245652-3336226874-965968342-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, In Quarantäne, [1665c051c6b63df9e68d0e8a1de559a7], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, In Quarantäne, [1d5e67aa601c49ed898de4ec48ba6d93], PUP.Optional.SilentInstall.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{924C3DC2-8E4E-432E-F973-9A2174A39774}, In Quarantäne, [cfaccc45f488af870102e3ec11f1cd33], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api, In Quarantäne, [562534dd6517b5815ecdc85abf44d52b], PUP.Optional.Yontoo.A, 
HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1, In Quarantäne, [5e1dd8392c50da5c989326fc40c3758b], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\APPID\YontooIEClient.DLL, In Quarantäne, [ec8f848df38972c48d9f8e943ac923dd], PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, In Quarantäne, [6c0fdf327b01b680c275dc807391d729], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [7902e928b4c871c558ed96aff1126e92], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api, In Quarantäne, [4b30f120e29aa4920a21d34f4bb8bd43], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api.1, In Quarantäne, [a1da3fd2fb8161d588a35bc7f3107789], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\YontooIEClient.DLL, In Quarantäne, [aecd2ae7542839fdc96349d97291ad53], PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dacechnliklhcacondhhkkfobapdopee, In Quarantäne, [d9a20d04146875c170e914f9c93a46ba], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\niapdbllcanepiiimjjndipklodoedlc, In Quarantäne, [f487030e3646a88e1c403cf17e8559a7], PUP.Optional.1ClickDownLoader.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pmlghpafmmnmmkjdhacccolfgnkiboco, In Quarantäne, [1f5cf21f99e3d561f4ffd8536b98a45c], PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [e2992de414688fa7c6d0ea7130d4af51], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, In Quarantäne, [4635ed24f8845dd91c349cc2be465ba5], PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [ccafb25f225a0e284faef06b52b2bb45], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3411245652-3336226874-965968342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, In Quarantäne, [0477848dacd082b4eb65a8b610f4669a], 
PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\readme.txt, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\content\about.xul, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\content\firefoxOverlay.xul, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\content\options.xul, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\content\overlay.js, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\content\y2layers.jpg, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\defaults\preferences\y2layers.js, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\locale\en-US\about.dtd, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\locale\en-US\prefwindow.dtd, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\locale\en-US\y2layers.dtd, In Quarantäne, 
[106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\locale\en-US\y2layers.properties, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\META-INF\manifest.mf, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\META-INF\zigbert.rsa, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\META-INF\zigbert.sf, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\skin\overlay.css, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.Yontoo.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\plugin@yontoo.com\skin\toolbar-button.png, In Quarantäne, [106b16fb314b38fee09b7870689af50b], PUP.Optional.CrossRider.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14131dbf9d02fe8f3a23b4b1dd9a5a5e");), Ersetzt,[6714ab66245832046ab828203acb03fd] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), Ersetzt,[3d3e37dabbc1270f87ab54f48184f010] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.babTrack", "affID=100842");), Ersetzt,[aad125ec493347ef939f4800c63f2fd1] PUP.Optional.Babylon.A, 
C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.bbDpng", 24);), Ersetzt,[7ffcba57067693a370c2a5a35ea70cf4] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), Ersetzt,[89f2ff12ea922d09102205431de8b14f] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltSrch", true);), Ersetzt,[85f6030e47357eb8141e0d3b699ca759] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.firstRun", false);), Ersetzt,[afcc9879512bbb7bd35f4bfd3ec740c0] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.hmpg", true);), Ersetzt,[037823ee8cf084b2e54d78d00104639d] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "f0191c30000000000000001c4affb31b");), Ersetzt,[8af18988621ae05652e0ef5965a0fb05] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15209");), Ersetzt,[81facc45d0ac83b3a58d8abe10f53fc1] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), Ersetzt,[37442ae7dba1a98d2a08113715f020e0] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: 
(user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f0191c30000000000000001c4affb31b&tlver=1.4.35.10&affID=100842");), Ersetzt,[bac13dd497e5e452c36f4bfde61f19e7] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.lastDP", 24);), Ersetzt,[2952e829344835014de5390fe61f1ae6] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1015:50:01");), Ersetzt,[8eed5fb25d1f0531e94964e4dd289967] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), Ersetzt,[1269d63b522a8da979b956f21ce925db] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), Ersetzt,[8af117fa82fa96a031010444867f817f] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.ptch_0717", true);), Ersetzt,[abd0e62b0d6f79bdf2409fa98f76728e] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.smplGrp", "none");), Ersetzt,[3c3f27eaceae67cf36fc81c73dc8b64a] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.srcExt", "ss");), Ersetzt,[daa1729ff8840135cf6317317b8a37c9] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: 
(user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");), Ersetzt,[0873df32b8c4f442b87acc7c42c3af51] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), Ersetzt,[accf2ee34537a690cf63ee5aec1921df] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");), Ersetzt,[2d4ea36ec1bbdb5b5ad8a1a7996c5ca4] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1015:50:01");), Ersetzt,[aecd53be2a520c2ab77b3315e91c8080] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst");), Ersetzt,[4f2c48c9ceae48ee3cf64800af562cd4] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), Ersetzt,[116a20f185f781b544eedf699570e818] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=2912_6");), Ersetzt,[94e731e06517da5c2f03390f4db85ea2] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.hardId", "f0191c3000000000000000e04c42168e");), Ersetzt,[a9d2a8692b510234250db890e61f22de] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.id", 
"f0191c3000000000000000e04c42168e");), Ersetzt,[81fa44cdfa822f078fa3a1a79a6bec14] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlDay", "15543");), Ersetzt,[0f6c729f7b011e18f53d5fe90df804fc] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst");), Ersetzt,[017a828f245881b5230fff497b8a04fc] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");), Ersetzt,[0e6d5bb6f28a989ed45e2a1e7d884cb4] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");), Ersetzt,[bcbfea275527d95de052de6af312b14f] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[7b003ad72755a5919a9894b463a2ef11] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), Ersetzt,[9cdfb9587a020531072b89bf44c1d22e] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base");), Ersetzt,[fc7fed24720a063082b0c385b154bd43] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");), Ersetzt,[88f30f02e09cce68270b74d4d13438c8] PUP.Optional.Babylon.A, 
C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:36:24");), Ersetzt,[7dfefa17de9e2f0756dc4404dd28cd33] PUP.Optional.Babylon.A, C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");), Ersetzt,[2d4e69a87dffc670b082e662a65f6d93] Physische Sektoren: 0 (No malicious items detected) (end) Code:
# AdwCleaner v3.311 - Bericht erstellt am 06/10/2014 um 21:00:15
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Hyrican - HYRICAN-PC
# Gestartet von : C:\Users\Hyrican\Downloads\adwcleaner_3.311.exe
# Option : Suchen
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.avg.com/?cid={40AF989C-0092-441B-A937-1D0453B3F02A}&mid=15703d05d59f47d180d9d1550c1b5ae8-94111bb5affa4e730c98ee544cf4a60371c42a18&lang=en&ds=tg027&pr=sa&d=2011-09-20 14:34:34&v=13.2.0.5&sap=hp
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://isearch.avg.com/tab?cid={40AF989C-0092-441B-A937-1D0453B3F02A}&mid=15703d05d59f47d180d9d1550c1b5ae8-94111bb5affa4e730c98ee544cf4a60371c42a18&lang=en&ds=tg027&pr=sa&d=2011-09-20 14:34:34&v=9.0.0.22&sap=nt

-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\prefs.js ]

Zeile gefunden : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799");
Zeile gefunden : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Zeile gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");
Zeile gefunden : user_pref("extensions.51e0667d4c687.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/15[...]
Zeile gefunden : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics,YontooNewOffers");
Zeile gefunden : user_pref("extentions.y2layers.installId", "68e89f23-5844-4d00-a5a7-053a1e8e8885");

-\\ Google Chrome v37.0.2062.124

[ Datei : C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [22279 octets] - [06/10/2014 21:00:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22340 octets] ##########

Here are the JRT logs
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Hyrican on 10.10.2014 at 16:39:13,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA04D15-6AB2-4E6F-95EB-E53B59F84001}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{8DA04D15-6AB2-4E6F-95EB-E53B59F84001}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA04D15-6AB2-4E6F-95EB-E53B59F84001}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{8DA04D15-6AB2-4E6F-95EB-E53B59F84001}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\FastStone Image Viewer
Successfully deleted: [Folder] "C:\Users\Hyrican\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Hyrican\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Hyrican\appdata\local\thinstall"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Hyrican\appdata\local\{08805FC4-8957-476D-AF6F-462312588858}

~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Hyrican\AppData\Roaming\mozilla\firefox\profiles\1aaltssf.default\minidumps [418 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.10.2014 at 16:52:00,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
10.10.2014, 18:11 | #6 |
| Trojan slows down PC / various antivirus scans have not helped
Here are the FRST logs
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Hyrican (administrator) on HYRICAN-PC on 10-10-2014 18:42:15
Running from C:\Users\Hyrican\Desktop
Loaded Profiles: Hyrican & Administrator (Available profiles: Hyrican & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\MDM.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Akamai Technologies, Inc.) C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Akamai Technologies, Inc.) C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [Akamai NetSession Interface] => C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) 
HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [Pokki] => C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: I - I:\AutoRun.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: J - J:\AUTOSTARTER.EXE HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: {0eff6dbe-56cd-11e0-bb1d-806e6f6e6963} - D:\Autorun.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: {a797dc9a-bb50-11e0-94b6-001c4affb31b} - I:\Startme.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: {ae8a1d02-5cf4-11e0-864b-1c6f655e30ab} - K:\pushinst.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: {bd062b40-6a33-11e1-ba80-806e6f6e6963} - J:\AUTOSTARTER.EXE Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML64.lnk ShortcutTarget: IML64.lnk -> C:\Windows\SysWOW64\iml.vbs () BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {433873CA-9CAC-4077-970F-B979F744826D} URL = SearchScopes: HKCU - {A058447C-D01F-44A6-8FA1-7447C8D5B0DD} URL = hxxp://www.google.de/search?q={searchTerms} BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No File BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: AutorunsDisabled - No CLSID Value - No File Filter-x32: AutorunsDisabled - No CLSID Value - No File Winsock: Catalog5 10 pcapwsp.dll File Not found () Winsock: Catalog5-x64 10 pcapwsp.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{793AB8D4-1BA8-44D9-87EB-EB7B65A9F5F2}: [NameServer] 192.168.1.1,194.25.2.129 FireFox: ======== FF ProfilePath: C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @g2.com/iggweb3dupdater -> C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG) FF Plugin HKCU: @g2.com/joyconnectshell -> C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG) FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Hyrican\AppData\Local\Roblox\Versions\version-1ff4978f36a64477\\NPRobloxProxy.dll ( ROBLOX Corporation) FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=3 -> C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.) FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=9 -> C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.) FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll () FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hyrican\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: LavaFox V2-Blue - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\djziggy@gmail.com [2013-11-19] FF Extension: 
LavaFox V2-Purple - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\zigboom555@aol.com [2014-09-15] FF Extension: BlackFox V2 - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\zigboom@hotmail.com [2014-02-16] FF Extension: No Name - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2011-10-16] FF Extension: Bloody Red - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2012-05-22] FF Extension: Long URL Please - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\longurlplease@darragh.curran.xpi [2011-05-15] FF Extension: YouTube Unblocker - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\youtubeunblocker@unblocker.yt.xpi [2013-04-08] FF Extension: Stylish - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-06-08] FF Extension: Adblock Plus - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files 
(x86)\AVG\AVG2012\Firefox4 FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-06-12] Chrome: ======= CHR Profile: C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-08] CHR Extension: (Google Docs) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22] CHR Extension: (Google Drive) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22] CHR Extension: (Google-Suche) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22] CHR Extension: (Google Tabellen) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-08] CHR Extension: (Google Wallet) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed] R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.) S4 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [107040 2014-06-17] (EasyAntiCheat Ltd) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3885424 2011-01-19] (INCA Internet Co., Ltd.) 
[File not signed] S4 pcapsvc; C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [1852928 2012-02-10] (Proxy Labs) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2014-08-06] () R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [File not signed] S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software) R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-09] () R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies) S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.2\dbk64.sys [62752 2012-06-26] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-09] () S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-10-06] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 NPPTNT2; C:\windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-03-10] () [File not signed] S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed] S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.) 
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2010-10-07] (TuneUp Software) S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz130; \??\C:\Users\Hyrican\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] S3 dump_wmimmc; \??\C:\gPotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [X] S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X] S3 X6va003; \??\C:\Users\Hyrican\AppData\Local\Temp\00365D7.tmp [X] S3 X6va005; \??\C:\Users\Hyrican\AppData\Local\Temp\0056ECB.tmp [X] S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-10 16:52 - 2014-10-10 16:52 - 00002516 _____ () C:\Users\Hyrican\Desktop\JRT.txt 2014-10-10 16:37 - 2014-10-10 16:37 - 00000000 ____D () C:\windows\ERUNT 2014-10-10 16:34 - 2014-10-10 16:35 - 01705755 _____ (Thisisu) C:\Users\Hyrican\Downloads\JRT.exe 2014-10-10 16:30 - 2014-10-10 16:30 - 00071945 _____ () C:\Users\Hyrican\Desktop\mbam.txt 2014-10-09 00:08 - 2014-10-09 00:08 - 00034192 _____ () C:\ComboFix.txt 2014-10-08 23:12 - 2014-10-09 00:08 - 00000000 ____D () C:\ComboFix 2014-10-08 19:40 - 2014-10-08 19:40 - 03237460 _____ () C:\Users\Hyrican\Desktop\AutoRuns.arn 2014-10-08 12:42 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe 2014-10-08 12:42 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe 2014-10-08 12:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe 2014-10-08 12:35 - 2014-10-09 00:08 - 00000000 ____D () C:\Qoobox 2014-10-08 12:34 - 2014-10-08 13:17 - 00000000 ____D () C:\windows\erdnt 2014-10-08 12:32 - 2014-10-08 12:33 - 05582481 ____R (Swearware) C:\Users\Hyrican\Desktop\ComboFix.exe 2014-10-08 11:32 - 2014-10-08 12:18 - 00057863 _____ () C:\Users\Hyrican\Desktop\Addition.txt 2014-10-08 11:26 - 2014-10-10 18:42 - 00026638 _____ () C:\Users\Hyrican\Desktop\FRST.txt 2014-10-08 11:25 - 2014-10-10 18:45 - 00000000 ____D () C:\FRST 2014-10-08 11:20 - 2014-10-08 11:22 - 02109952 _____ (Farbar) C:\Users\Hyrican\Desktop\FRST64.exe 2014-10-07 18:23 - 2014-10-07 18:23 - 00000180 _____ () C:\windows\system32\avgrep.txt 2014-10-07 17:56 - 2014-10-07 17:56 - 01140378 _____ () C:\Users\Hyrican\Desktop\cc_20141007_175632.reg 
2014-10-07 17:52 - 2014-10-07 17:52 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-07 17:52 - 2014-10-07 17:52 - 00000829 _____ () C:\ProgramData\Desktop\CCleaner.lnk 2014-10-07 17:52 - 2014-10-07 17:52 - 00000000 ____D () C:\Program Files\CCleaner 2014-10-07 17:48 - 2014-10-07 17:50 - 03836936 _____ (Piriform Ltd) C:\Users\Hyrican\Downloads\ccsetup418_slim.exe 2014-10-07 15:18 - 2014-10-07 15:18 - 00000000 ____D () C:\ProgramData\Licenses 2014-10-07 15:17 - 2014-10-07 15:17 - 00000000 ____D () C:\Users\Hyrican\Documents\Simply Super Software 2014-10-07 15:17 - 2014-10-07 15:17 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Simply Super Software 2014-10-07 15:16 - 2014-10-07 15:17 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2014-10-07 15:16 - 2014-10-07 15:16 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-10-07 15:16 - 2014-10-07 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2014-10-07 15:11 - 2014-10-07 15:11 - 21407864 _____ (Simply Super Software ) C:\Users\Hyrican\Downloads\trjsetup690.exe 2014-10-07 15:03 - 2014-10-07 15:03 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-07 14:48 - 2014-10-07 14:48 - 00001153 _____ () C:\Users\Hyrican\Desktop\CrystalDiskInfo.lnk 2014-10-07 14:48 - 2014-10-07 14:48 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo 2014-10-07 14:47 - 2014-10-07 14:47 - 02996728 _____ (Crystal Dew World ) C:\Users\Hyrican\Downloads\CrystalDiskInfo6_2_1.exe 2014-10-07 14:34 - 2014-10-07 14:34 - 00511633 _____ () C:\Users\Hyrican\Downloads\Autoruns_1203.zip 2014-10-06 21:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll 2014-10-06 21:00 - 2014-10-07 12:55 - 00000000 ____D () C:\AdwCleaner 2014-10-06 20:58 - 2014-10-06 20:59 - 01375089 _____ () C:\Users\Hyrican\Downloads\adwcleaner_3.311.exe 2014-10-05 17:04 - 2014-10-10 12:50 - 00122584 _____ (Malwarebytes Corporation) 
C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-05 17:03 - 2014-10-05 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-05 17:02 - 2014-10-06 12:30 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-10-05 17:02 - 2014-10-05 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-05 17:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-10-04 14:50 - 2014-10-05 12:45 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-10-04 14:43 - 2014-10-04 14:43 - 00005508 _____ () C:\Users\Hyrican\Downloads\a67cd6abb888fd6e27e44f36c2e6d475.dlc 2014-10-04 12:00 - 2014-10-04 12:07 - 00000000 ____D () C:\Program Files (x86)\3DO 2014-10-01 16:04 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-10-01 16:04 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-09-30 22:04 - 2014-09-30 22:05 - 00222184 _____ (Deposit Files) C:\Users\Hyrican\Downloads\dfdownloader_pxL0ph_.exe 2014-09-26 20:54 - 2014-09-26 20:56 - 00000000 ____D () C:\Users\Hyrican\Desktop\BQuake2 2014-09-26 19:49 - 2014-09-26 19:49 - 00000000 ____D () C:\Quake2 2014-09-26 19:49 - 2014-09-26 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake II 2014-09-26 19:47 - 1997-08-26 12:06 - 00315904 _____ (InstallShield Software Corporation) C:\windows\IsUninst.exe 2014-09-26 19:45 - 2014-09-26 19:45 - 00000000 ____D () C:\Users\Hyrican\Desktop\Quake2 2014-09-25 18:31 - 2014-10-05 12:45 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2 2014-09-25 18:31 - 2014-09-25 18:31 - 00000899 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk 2014-09-25 18:31 - 2014-09-25 18:31 - 00000899 _____ () C:\ProgramData\Desktop\Guild Wars 2.lnk 2014-09-25 18:31 - 2014-09-25 18:31 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 2014-09-25 18:30 - 2014-09-25 18:31 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Guild Wars 2 2014-09-25 18:29 - 2014-09-25 18:30 - 26068984 _____ (ArenaNet) C:\Users\Hyrican\Downloads\Gw2Setup.exe 2014-09-25 16:05 - 2014-09-25 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 21:18 - 2014-09-25 16:11 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\CSO 2014-09-24 15:26 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-09-24 15:26 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-09-21 18:35 - 2014-09-21 18:36 - 00174080 _____ (Igor Pavlov) C:\Users\Hyrican\Downloads\Uprising 2 - Lead and Destroy.exe.part 2014-09-21 13:10 - 2014-09-27 22:49 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\OBS 2014-09-21 13:10 - 2014-09-21 13:10 - 00000902 _____ () C:\Users\Hyrican\Desktop\Open Broadcaster Software.lnk 2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Program Files\OBS 2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-09-21 13:09 - 2014-09-21 13:10 - 07406196 _____ () C:\Users\Hyrican\Downloads\OBS_0_635b_Installer.exe 2014-09-20 23:30 - 2014-09-20 23:34 - 00000000 ____D () C:\Users\Hyrican\Desktop\mcserver2 2014-09-20 22:59 - 2014-09-27 21:10 - 00000000 ____D () C:\Users\Hyrican\Desktop\MCserver 2014-09-20 22:58 - 2014-09-20 22:58 - 10769744 _____ () C:\Users\Hyrican\Downloads\minecraft_server.1.8.exe 2014-09-20 22:58 - 2014-09-20 22:58 - 00000185 _____ () C:\Users\Hyrican\Downloads\eula.txt 2014-09-20 22:58 - 2014-09-20 22:58 - 00000062 _____ () C:\Users\Hyrican\Downloads\server.properties 2014-09-20 11:35 - 2014-09-26 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla 
Firefox.bak 2014-09-20 10:15 - 2014-09-20 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-11 17:59 - 2014-09-12 14:10 - 00000000 ____D () C:\Users\Hyrican\Desktop\steeze_rhud 2014-09-11 17:57 - 2014-09-11 17:57 - 00000000 ____D () C:\Users\Hyrican\Desktop\RHUD-master 2014-09-11 08:57 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\Hyrican\Desktop\autoruns.exe 2014-09-10 23:12 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-10 23:12 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 16:19 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-10 16:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-09-10 16:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-10 16:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-10 16:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-09-10 16:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-09-10 16:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-09-10 16:16 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-10 16:16 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-10 18:25 - 2014-05-12 15:20 - 00000956 _____ () C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000UA.job 2014-10-10 18:16 - 2012-04-01 10:18 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-10-10 18:09 - 2011-09-21 21:20 - 00000000 ____D () C:\ProgramData\MFAData 2014-10-10 18:03 - 2012-01-27 17:00 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-10 17:04 - 2012-01-27 17:00 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-10 15:25 - 2014-05-12 15:20 - 00000904 _____ () C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000Core.job 2014-10-10 14:52 - 2011-03-25 12:48 - 01831362 _____ () C:\windows\WindowsUpdate.log 2014-10-10 11:35 - 2009-07-14 06:45 - 00023376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-10 11:35 - 2009-07-14 06:45 - 00023376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-10 11:11 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-10-10 11:11 - 2009-07-14 06:51 - 00161859 _____ () C:\windows\setupact.log 2014-10-09 18:35 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF 2014-10-09 14:01 - 2011-01-18 11:46 - 01175260 _____ () C:\windows\PFRO.log 2014-10-08 23:57 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini 2014-10-08 15:05 - 2011-04-03 16:24 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Skype 2014-10-08 14:45 - 2011-04-19 11:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-08 14:36 - 2012-09-30 17:43 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\LogMeIn Hamachi 2014-10-08 13:05 - 2012-02-19 02:22 - 00000000 ____D () C:\ProgramData\TEMP 2014-10-07 18:39 - 2014-08-20 11:33 - 00000000 ____D () C:\Users\Hyrican\Desktop\Gang Beasts 2014-10-07 14:35 - 2013-01-15 17:23 - 02498560 ___SH () 
C:\Users\Hyrican\Desktop\Thumbs.db 2014-10-06 16:01 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing 2014-10-05 17:03 - 2011-04-20 13:45 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Malwarebytes 2014-10-05 17:02 - 2011-04-20 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-05 17:02 - 2011-04-20 13:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-10-05 13:01 - 2012-03-24 12:17 - 00000000 ____D () C:\Users\Administrator 2014-10-05 12:47 - 2011-03-28 12:39 - 00000000 ____D () C:\Users\Hyrican 2014-10-05 12:45 - 2013-08-20 22:03 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\puush 2014-10-05 12:45 - 2013-03-26 12:30 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Warframe 2014-10-05 12:45 - 2011-11-09 21:30 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Akamai 2014-10-05 12:45 - 2011-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-05 12:45 - 2011-04-02 09:12 - 00000000 ____D () C:\ProgramData\Origin 2014-10-05 12:45 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-10-05 12:45 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration 2014-10-04 17:13 - 2011-06-26 15:08 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\CrashDumps 2014-10-04 15:43 - 2012-11-03 00:08 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Origin 2014-10-04 09:59 - 2011-11-11 16:32 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Skyrim 2014-10-03 10:37 - 2014-06-09 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager 2014-10-03 10:37 - 2012-01-29 10:55 - 00000000 ____D () C:\Program Files\Nexus Mod Manager 2014-10-03 10:16 - 2012-08-02 21:07 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\.minecraft 2014-10-02 23:24 - 2011-05-31 18:01 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\vlc 2014-09-28 21:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-09-27 11:53 - 2011-01-18 09:26 - 00415771 _____ () 
C:\windows\DirectX.log 2014-09-27 10:24 - 2012-05-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 21:24 - 2011-04-13 07:00 - 00000000 ____D () C:\Temp 2014-09-24 21:16 - 2013-02-02 10:32 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-24 17:16 - 2012-04-01 10:18 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 17:16 - 2012-04-01 10:18 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 17:16 - 2011-05-16 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 08:42 - 2011-01-18 14:24 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-09-21 22:51 - 2014-02-23 21:46 - 00007591 _____ () C:\Users\Hyrican\AppData\Local\Resmon.ResmonCfg 2014-09-20 23:26 - 2014-08-17 10:49 - 00000000 ____D () C:\Users\Hyrican\Desktop\Bukkit-Bleeding-master 2014-09-20 14:25 - 2011-06-05 11:24 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74 2014-09-20 10:15 - 2011-04-03 16:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-20 10:15 - 2011-04-03 16:24 - 00000000 ____D () C:\ProgramData\Skype 2014-09-19 22:02 - 2011-04-02 18:47 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\SoftGrid Client 2014-09-19 19:49 - 2011-07-18 14:38 - 00000021 _____ () C:\windows\EC_List.txt.bak 2014-09-10 23:16 - 2011-04-02 18:46 - 01624388 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-09-10 23:16 - 2009-07-14 19:58 - 00710352 _____ () C:\windows\system32\perfh007.dat 2014-09-10 23:16 - 2009-07-14 19:58 - 00154530 _____ () C:\windows\system32\perfc007.dat 2014-09-10 23:15 - 2009-07-14 07:13 - 01624388 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-10 23:14 - 2011-06-23 18:17 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-09-10 23:14 - 2011-06-23 18:15 - 00002155 _____ () C:\windows\epplauncher.mif 
2014-09-10 23:13 - 2011-06-23 18:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-10 23:13 - 2011-06-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-09-10 23:11 - 2014-05-06 22:46 - 00000000 ___SD () C:\windows\system32\CompatTel Files to move or delete: ==================== C:\ProgramData\hash.dat C:\ProgramData\winiml.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 04:09 ==================== End Of Log ============================ |
11.10.2014, 11:54 | #7 |
/// the machine /// TB Trainer | Trojan slows down PC / various antivirus tests did not help You also need to have AdwCleaner deleted. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.10.2014, 08:39 | #8 |
| Trojan slows down PC / various antivirus tests did not help I excluded a few folders containing games from the scan, because the scan always gets stuck on them and needs 30 minutes or more for a single folder. I hope the scan will still finish today. Last edited by DeadCorpse (12.10.2014 at 09:18) |
12.10.2014, 14:20 | #9 |
/// the machine /// TB Trainer | Trojan slows down PC / various antivirus tests did not help ok.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.10.2014, 20:57 | #10 |
| Trojan slows down PC / various antivirus tests did not help ESET logs. How should I delete this now? Another scan, this time with the option that it should be deleted? Code:
ATTFilter
C:\AdwCleaner\Quarantine\C\Users\Hyrican\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx.vir Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Hyrican\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll.vir Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Hyrican\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll.vir Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Hyrican\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll.vir Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Hyrican\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll.vir Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\ads_only_5_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\arcadi2_m[2].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\arcadi3_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\corticas_ru_m[1].js JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\getdeal_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\ibario_pops_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\intext_fa_m[1].js JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\LyricsGet_1060-1054_v122[1].exe Win32/Packed.ScrambleWrapper.D evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\revizer_p_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\superfish_pricora_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MASD4B\widdit_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LT8VJT6\coupons_intext_ads_5_m[2].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LT8VJT6\intext_adv_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LT8VJT6\luck_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LT8VJT6\monetizationLoader[1].js JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LT8VJT6\similar_web_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LT8VJT6\superfish_m[1].js JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LT8VJT6\superfish_no_coupons_m[1].js JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LT8VJT6\superfish_no_search_no_coupons_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DLPS4FE\50onred_ads_only_no_fb_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DLPS4FE\cortica_rollover_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DLPS4FE\coupish_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DLPS4FE\icm_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIIW4ILO\arcadi2_sourceID_m[2].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIIW4ILO\corticas_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIIW4ILO\cortica_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIIW4ILO\dealply_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIIW4ILO\icm1_5_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIIW4ILO\intext_5_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIIW4ILO\jollywallet_m[1].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIIW4ILO\revizer_ws_m[2].js JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung
C:\Users\Hyrican\Downloads\CrystalDiskInfo6_2_1.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\Hyrican\Downloads\VLC media player 64 Bit - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Windows\Installer\24dc7e.msi Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung
Code:
ATTFilter
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
AVG AntiVirus Free Edition 2014
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Trojan Remover 6.9.1.2931
TuneUp Utilities 2011
TuneUp Utilities Language Pack (de-DE)
JavaFX 2.1.1
Java(TM) 6 Update 26
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (32.0.3)
Mozilla Thunderbird 13.0.1 Thunderbird out of Date!
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
ESET ESET Online Scanner OnlineScannerApp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 Ran by Hyrican (administrator) on HYRICAN-PC on 12-10-2014 21:58:35 Running from C:\Users\Hyrican\Desktop Loaded Profiles: Hyrican & Administrator (Available profiles: Hyrican & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\MDM.EXE () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Akamai Technologies, Inc.) 
C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Akamai Technologies, Inc.) C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Comvigo, Inc.) C:\Windows\SysWOW64\qimlsrv.exe (Comvigo, Inc.) C:\Windows\SysWOW64\dsrviml.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WINZIP32.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [Akamai NetSession Interface] => C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) 
HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search) HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Run: [Pokki] => C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: I - I:\AutoRun.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: J - J:\AUTOSTARTER.EXE HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: {0eff6dbe-56cd-11e0-bb1d-806e6f6e6963} - D:\Autorun.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: {a797dc9a-bb50-11e0-94b6-001c4affb31b} - I:\Startme.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: {ae8a1d02-5cf4-11e0-864b-1c6f655e30ab} - K:\pushinst.exe HKU\S-1-5-21-3411245652-3336226874-965968342-500\...\MountPoints2: {bd062b40-6a33-11e1-ba80-806e6f6e6963} - J:\AUTOSTARTER.EXE Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML64.lnk ShortcutTarget: IML64.lnk -> C:\Windows\SysWOW64\iml.vbs () BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {433873CA-9CAC-4077-970F-B979F744826D} URL = SearchScopes: HKCU - {A058447C-D01F-44A6-8FA1-7447C8D5B0DD} URL = hxxp://www.google.de/search?q={searchTerms} BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No File BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: AutorunsDisabled - No CLSID Value - No File Filter-x32: AutorunsDisabled - No CLSID Value - No File Winsock: Catalog5 10 pcapwsp.dll File Not found () Winsock: Catalog5-x64 10 pcapwsp.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{793AB8D4-1BA8-44D9-87EB-EB7B65A9F5F2}: [NameServer] 192.168.1.1,194.25.2.129 FireFox: ======== FF ProfilePath: C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @g2.com/iggweb3dupdater -> C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG) FF Plugin HKCU: @g2.com/joyconnectshell -> C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG) FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Hyrican\AppData\Local\Roblox\Versions\version-1ff4978f36a64477\\NPRobloxProxy.dll ( ROBLOX Corporation) FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=3 -> C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.) FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=9 -> C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.) FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll () FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hyrican\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: LavaFox V2-Blue - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\djziggy@gmail.com [2013-11-19] FF Extension: 
LavaFox V2-Purple - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\zigboom555@aol.com [2014-09-15] FF Extension: BlackFox V2 - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\zigboom@hotmail.com [2014-02-16] FF Extension: No Name - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2011-10-16] FF Extension: Bloody Red - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2012-05-22] FF Extension: Long URL Please - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\longurlplease@darragh.curran.xpi [2011-05-15] FF Extension: YouTube Unblocker - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\youtubeunblocker@unblocker.yt.xpi [2013-04-08] FF Extension: Stylish - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-06-08] FF Extension: Adblock Plus - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files 
(x86)\AVG\AVG2012\Firefox4 FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-06-12] Chrome: ======= CHR Profile: C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-08] CHR Extension: (Google Docs) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22] CHR Extension: (Google Drive) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22] CHR Extension: (Google-Suche) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22] CHR Extension: (Google Tabellen) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-08] CHR Extension: (Google Wallet) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed] S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.) S4 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [107040 2014-06-17] (EasyAntiCheat Ltd) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3885424 2011-01-19] (INCA Internet Co., Ltd.) 
[File not signed] S4 pcapsvc; C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [1852928 2012-02-10] (Proxy Labs) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2014-08-06] () R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [File not signed] S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software) R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-09] () R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies) S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.2\dbk64.sys [62752 2012-06-26] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-09] () S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-10-06] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 NPPTNT2; C:\windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-03-10] () [File not signed] S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed] S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.) 
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2010-10-07] (TuneUp Software) S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz130; \??\C:\Users\Hyrican\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] S3 dump_wmimmc; \??\C:\gPotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [X] S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X] S3 X6va003; \??\C:\Users\Hyrican\AppData\Local\Temp\00365D7.tmp [X] S3 X6va005; \??\C:\Users\Hyrican\AppData\Local\Temp\0056ECB.tmp [X] S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-12 21:58 - 2014-10-12 21:58 - 00000000 ____D () C:\Users\Hyrican\Desktop\FRST-OlderVersion 2014-10-12 21:12 - 2014-10-12 21:12 - 00854417 _____ () C:\Users\Hyrican\Downloads\SecurityCheck.exe 2014-10-12 21:11 - 2014-10-12 21:11 - 00006414 _____ () C:\Users\Hyrican\Desktop\eset.txt 2014-10-11 13:41 - 2014-10-11 13:41 - 02347384 _____ (ESET) C:\Users\Hyrican\Downloads\esetsmartinstaller_deu.exe 2014-10-10 16:52 - 2014-10-10 16:52 - 00002516 _____ () C:\Users\Hyrican\Desktop\JRT.txt 2014-10-10 16:37 - 2014-10-10 16:37 - 00000000 ____D () C:\windows\ERUNT 2014-10-10 16:34 - 2014-10-10 16:35 - 01705755 _____ (Thisisu) C:\Users\Hyrican\Downloads\JRT.exe 2014-10-10 16:30 - 2014-10-10 16:30 - 00071945 _____ () C:\Users\Hyrican\Desktop\mbam.txt 2014-10-09 00:08 - 2014-10-09 00:08 - 00034192 _____ () C:\ComboFix.txt 2014-10-08 23:12 - 2014-10-09 00:08 - 00000000 ____D () C:\ComboFix 2014-10-08 19:40 - 2014-10-08 19:40 - 03237460 _____ () C:\Users\Hyrican\Desktop\AutoRuns.arn 2014-10-08 12:42 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe 2014-10-08 12:42 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe 2014-10-08 12:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe 2014-10-08 12:42 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe 2014-10-08 12:35 - 2014-10-09 00:08 - 00000000 ____D () C:\Qoobox 2014-10-08 12:34 - 2014-10-08 13:17 - 00000000 ____D () C:\windows\erdnt 2014-10-08 12:32 - 2014-10-08 12:33 - 05582481 ____R (Swearware) C:\Users\Hyrican\Desktop\ComboFix.exe 2014-10-08 11:32 - 2014-10-08 12:18 - 00057863 _____ () C:\Users\Hyrican\Desktop\Addition.txt 2014-10-08 11:26 - 2014-10-12 21:58 - 
00026650 _____ () C:\Users\Hyrican\Desktop\FRST.txt 2014-10-08 11:25 - 2014-10-12 21:58 - 00000000 ____D () C:\FRST 2014-10-08 11:20 - 2014-10-12 21:58 - 02110464 _____ (Farbar) C:\Users\Hyrican\Desktop\FRST64.exe 2014-10-07 18:23 - 2014-10-07 18:23 - 00000180 _____ () C:\windows\system32\avgrep.txt 2014-10-07 17:56 - 2014-10-07 17:56 - 01140378 _____ () C:\Users\Hyrican\Desktop\cc_20141007_175632.reg 2014-10-07 17:52 - 2014-10-07 17:52 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-07 17:52 - 2014-10-07 17:52 - 00000000 ____D () C:\Program Files\CCleaner 2014-10-07 17:48 - 2014-10-07 17:50 - 03836936 _____ (Piriform Ltd) C:\Users\Hyrican\Downloads\ccsetup418_slim.exe 2014-10-07 15:18 - 2014-10-07 15:18 - 00000000 ____D () C:\ProgramData\Licenses 2014-10-07 15:17 - 2014-10-07 15:17 - 00000000 ____D () C:\Users\Hyrican\Documents\Simply Super Software 2014-10-07 15:17 - 2014-10-07 15:17 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Simply Super Software 2014-10-07 15:16 - 2014-10-07 15:17 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2014-10-07 15:16 - 2014-10-07 15:16 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-10-07 15:16 - 2014-10-07 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2014-10-07 15:11 - 2014-10-07 15:11 - 21407864 _____ (Simply Super Software ) C:\Users\Hyrican\Downloads\trjsetup690.exe 2014-10-07 15:03 - 2014-10-07 15:03 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-07 14:48 - 2014-10-07 14:48 - 00001153 _____ () C:\Users\Hyrican\Desktop\CrystalDiskInfo.lnk 2014-10-07 14:48 - 2014-10-07 14:48 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo 2014-10-07 14:47 - 2014-10-07 14:47 - 02996728 _____ (Crystal Dew World ) C:\Users\Hyrican\Downloads\CrystalDiskInfo6_2_1.exe 2014-10-07 14:34 - 2014-10-07 14:34 - 00511633 _____ () C:\Users\Hyrican\Downloads\Autoruns_1203.zip 2014-10-06 21:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite 
Development Team) C:\windows\SysWOW64\sqlite3.dll 2014-10-06 21:00 - 2014-10-07 12:55 - 00000000 ____D () C:\AdwCleaner 2014-10-06 20:58 - 2014-10-06 20:59 - 01375089 _____ () C:\Users\Hyrican\Downloads\adwcleaner_3.311.exe 2014-10-05 17:04 - 2014-10-10 12:50 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-05 17:03 - 2014-10-05 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-05 17:02 - 2014-10-06 12:30 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-10-05 17:02 - 2014-10-05 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-05 17:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-10-04 14:50 - 2014-10-05 12:45 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-10-04 14:43 - 2014-10-04 14:43 - 00005508 _____ () C:\Users\Hyrican\Downloads\a67cd6abb888fd6e27e44f36c2e6d475.dlc 2014-10-04 12:00 - 2014-10-04 12:07 - 00000000 ____D () C:\Program Files (x86)\3DO 2014-10-01 16:04 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-10-01 16:04 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-09-30 22:04 - 2014-09-30 22:05 - 00222184 _____ (Deposit Files) C:\Users\Hyrican\Downloads\dfdownloader_pxL0ph_.exe 2014-09-26 20:54 - 2014-09-26 20:56 - 00000000 ____D () C:\Users\Hyrican\Desktop\BQuake2 2014-09-26 19:49 - 2014-09-26 19:49 - 00000000 ____D () C:\Quake2 2014-09-26 19:49 - 2014-09-26 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake II 2014-09-26 19:47 - 1997-08-26 12:06 - 00315904 _____ (InstallShield Software Corporation) C:\windows\IsUninst.exe 2014-09-26 19:45 - 2014-09-26 19:45 - 00000000 ____D () C:\Users\Hyrican\Desktop\Quake2 2014-09-25 18:31 - 2014-10-05 12:45 - 00000000 ____D () 
C:\Program Files (x86)\Guild Wars 2 2014-09-25 18:31 - 2014-09-25 18:31 - 00000899 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk 2014-09-25 18:31 - 2014-09-25 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 2014-09-25 18:30 - 2014-09-25 18:31 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Guild Wars 2 2014-09-25 18:29 - 2014-09-25 18:30 - 26068984 _____ (ArenaNet) C:\Users\Hyrican\Downloads\Gw2Setup.exe 2014-09-25 16:05 - 2014-09-25 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 21:18 - 2014-09-25 16:11 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\CSO 2014-09-24 15:26 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-09-24 15:26 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-09-21 18:35 - 2014-09-21 18:36 - 00174080 _____ (Igor Pavlov) C:\Users\Hyrican\Downloads\Uprising 2 - Lead and Destroy.exe.part 2014-09-21 13:10 - 2014-09-27 22:49 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\OBS 2014-09-21 13:10 - 2014-09-21 13:10 - 00000902 _____ () C:\Users\Hyrican\Desktop\Open Broadcaster Software.lnk 2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Program Files\OBS 2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-09-21 13:09 - 2014-09-21 13:10 - 07406196 _____ () C:\Users\Hyrican\Downloads\OBS_0_635b_Installer.exe 2014-09-20 23:30 - 2014-09-20 23:34 - 00000000 ____D () C:\Users\Hyrican\Desktop\mcserver2 2014-09-20 22:59 - 2014-09-27 21:10 - 00000000 ____D () C:\Users\Hyrican\Desktop\MCserver 2014-09-20 22:58 - 2014-09-20 22:58 - 10769744 _____ () C:\Users\Hyrican\Downloads\minecraft_server.1.8.exe 2014-09-20 22:58 - 2014-09-20 22:58 - 00000185 _____ () C:\Users\Hyrican\Downloads\eula.txt 
2014-09-20 22:58 - 2014-09-20 22:58 - 00000062 _____ () C:\Users\Hyrican\Downloads\server.properties 2014-09-20 11:35 - 2014-09-26 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2014-09-20 10:15 - 2014-09-20 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-12 21:25 - 2014-05-12 15:20 - 00000956 _____ () C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000UA.job 2014-10-12 21:16 - 2012-04-01 10:18 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 21:03 - 2012-01-27 17:00 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-12 18:55 - 2011-05-31 18:01 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\vlc 2014-10-12 18:50 - 2011-06-26 15:08 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\CrashDumps 2014-10-12 17:07 - 2012-01-27 17:00 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-12 16:57 - 2011-03-25 12:48 - 02046068 _____ () C:\windows\WindowsUpdate.log 2014-10-12 15:25 - 2014-05-12 15:20 - 00000904 _____ () C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000Core.job 2014-10-12 10:53 - 2011-06-05 11:24 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74 2014-10-12 09:47 - 2009-07-14 06:45 - 00023376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-12 09:47 - 2009-07-14 06:45 - 00023376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-12 09:25 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-10-12 09:24 - 2009-07-14 06:51 - 00161971 _____ () C:\windows\setupact.log 2014-10-10 19:17 - 2011-09-21 21:20 - 00000000 ____D () C:\ProgramData\MFAData 2014-10-09 18:35 
- 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF 2014-10-09 14:01 - 2011-01-18 11:46 - 01175260 _____ () C:\windows\PFRO.log 2014-10-08 23:57 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini 2014-10-08 15:05 - 2011-04-03 16:24 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Skype 2014-10-08 14:45 - 2011-04-19 11:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-08 14:36 - 2012-09-30 17:43 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\LogMeIn Hamachi 2014-10-08 13:05 - 2012-02-19 02:22 - 00000000 ____D () C:\ProgramData\TEMP 2014-10-07 18:39 - 2014-08-20 11:33 - 00000000 ____D () C:\Users\Hyrican\Desktop\Gang Beasts 2014-10-07 14:35 - 2013-01-15 17:23 - 02498560 ___SH () C:\Users\Hyrican\Desktop\Thumbs.db 2014-10-06 16:01 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing 2014-10-05 17:03 - 2011-04-20 13:45 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Malwarebytes 2014-10-05 17:02 - 2011-04-20 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-05 17:02 - 2011-04-20 13:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-10-05 13:01 - 2012-03-24 12:17 - 00000000 ____D () C:\Users\Administrator 2014-10-05 12:47 - 2011-03-28 12:39 - 00000000 ____D () C:\Users\Hyrican 2014-10-05 12:45 - 2013-08-20 22:03 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\puush 2014-10-05 12:45 - 2013-03-26 12:30 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Warframe 2014-10-05 12:45 - 2011-11-09 21:30 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Akamai 2014-10-05 12:45 - 2011-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-05 12:45 - 2011-04-02 09:12 - 00000000 ____D () C:\ProgramData\Origin 2014-10-05 12:45 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-10-05 12:45 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration 2014-10-04 15:43 - 2012-11-03 00:08 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Origin 2014-10-04 
09:59 - 2011-11-11 16:32 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Skyrim 2014-10-03 10:37 - 2014-06-09 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager 2014-10-03 10:37 - 2012-01-29 10:55 - 00000000 ____D () C:\Program Files\Nexus Mod Manager 2014-10-03 10:16 - 2012-08-02 21:07 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\.minecraft 2014-09-28 21:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-09-27 11:53 - 2011-01-18 09:26 - 00415771 _____ () C:\windows\DirectX.log 2014-09-27 10:24 - 2012-05-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 21:24 - 2011-04-13 07:00 - 00000000 ____D () C:\Temp 2014-09-24 21:16 - 2013-02-02 10:32 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-24 17:16 - 2012-04-01 10:18 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 17:16 - 2012-04-01 10:18 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 17:16 - 2011-05-16 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 08:42 - 2011-01-18 14:24 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-09-21 22:51 - 2014-02-23 21:46 - 00007591 _____ () C:\Users\Hyrican\AppData\Local\Resmon.ResmonCfg 2014-09-20 23:26 - 2014-08-17 10:49 - 00000000 ____D () C:\Users\Hyrican\Desktop\Bukkit-Bleeding-master 2014-09-20 10:15 - 2011-04-03 16:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-20 10:15 - 2011-04-03 16:24 - 00000000 ____D () C:\ProgramData\Skype 2014-09-19 22:02 - 2011-04-02 18:47 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\SoftGrid Client 2014-09-19 19:49 - 2011-07-18 14:38 - 00000021 _____ () C:\windows\EC_List.txt.bak 2014-09-12 14:10 - 2014-09-11 17:59 - 00000000 ____D () C:\Users\Hyrican\Desktop\steeze_rhud Files to move or delete: ==================== C:\ProgramData\hash.dat 
C:\ProgramData\winiml.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 04:09

==================== End Of Log ============================

--- --- ---

Edited by DeadCorpse (12.10.2014 at 21:08) |
13.10.2014, 15:48 | #11 |
/// the machine /// TB Trainer | Trojan slows down PC / various antivirus scans did not help

No, we'll do this differently. Empty the Downloads folder. Update Java, Adobe and Thunderbird.

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document

Code:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk
ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML64.lnk
ShortcutTarget: IML64.lnk -> C:\Windows\SysWOW64\iml.vbs ()
BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please. Any remaining problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
13.10.2014, 19:22 | #12 |
| Trojan slows down PC / various antivirus scans did not help

Well, all of this has already made my PC faster over the last few days; booting now takes only about 20-30 minutes instead of 1 1/2 hours and it is acceptably usable at times, but it is not back to its old speed yet ;o, there still seems to be something somewhere. So once it finally boots in 2 minutes again, everything will be back to normal.

Fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014
Ran by Hyrican at 2014-10-13 19:33:31 Run:1
Running from C:\Users\Hyrican\Desktop
Loaded Profiles: Hyrican & Administrator (Available profiles: Hyrican & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk
ShortcutTarget: IML.lnk -> C:\Windows\System32\iml.vbs ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML64.lnk
ShortcutTarget: IML64.lnk -> C:\Windows\SysWOW64\iml.vbs ()
BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart
Emptytemp:
*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk => Moved successfully.
C:\Windows\System32\iml.vbs => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IML64.lnk => Moved successfully.
C:\Windows\SysWOW64\iml.vbs => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
EmptyTemp: => Removed 4.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 Ran by Hyrican (administrator) on HYRICAN-PC on 13-10-2014 20:22:51 Running from C:\Users\Hyrican\Desktop Loaded Profile: Hyrican (Available profiles: Hyrican & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\MDM.EXE () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) 
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Akamai Technologies, Inc.) C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe (Akamai Technologies, Inc.) C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD) HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Hyrican\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3411245652-3336226874-965968342-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd) Startup: C:\Users\Hyrican\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk ShortcutTarget: IML.lnk -> C:\windows\system32\iml.vbs (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {433873CA-9CAC-4077-970F-B979F744826D} URL = SearchScopes: HKCU - {A058447C-D01F-44A6-8FA1-7447C8D5B0DD} URL = hxxp://www.google.de/search?q={searchTerms} BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No File BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: AutorunsDisabled - No CLSID Value - No File Filter-x32: AutorunsDisabled - No CLSID Value - No File Winsock: Catalog5 10 pcapwsp.dll File Not found () Winsock: Catalog5-x64 10 pcapwsp.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{793AB8D4-1BA8-44D9-87EB-EB7B65A9F5F2}: [NameServer] 192.168.1.1,194.25.2.129 FireFox: ======== FF ProfilePath: C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN 
Toolbar\Platform\6.0.2282.0\npwinext.dll No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @g2.com/iggweb3dupdater -> C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG) FF Plugin HKCU: @g2.com/joyconnectshell -> C:\Users\Hyrican\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG) FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Hyrican\AppData\Local\Roblox\Versions\version-1ff4978f36a64477\\NPRobloxProxy.dll ( ROBLOX Corporation) FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=3 -> C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.) FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=9 -> C:\Users\Hyrican\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.) FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll () FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hyrican\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: LavaFox V2-Blue - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\djziggy@gmail.com [2013-11-19] FF Extension: 
LavaFox V2-Purple - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\zigboom555@aol.com [2014-09-15] FF Extension: BlackFox V2 - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\zigboom@hotmail.com [2014-02-16] FF Extension: No Name - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2011-10-16] FF Extension: Bloody Red - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2012-05-22] FF Extension: Long URL Please - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\longurlplease@darragh.curran.xpi [2011-05-15] FF Extension: YouTube Unblocker - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\youtubeunblocker@unblocker.yt.xpi [2013-04-08] FF Extension: Stylish - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-06-08] FF Extension: Adblock Plus - C:\Users\Hyrican\AppData\Roaming\Mozilla\Firefox\Profiles\1aaltssf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files 
(x86)\AVG\AVG2012\Firefox4 FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-06-12] Chrome: ======= CHR Profile: C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-08] CHR Extension: (Google Docs) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22] CHR Extension: (Google Drive) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22] CHR Extension: (Google-Suche) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22] CHR Extension: (Google Tabellen) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-08] CHR Extension: (Google Wallet) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Hyrican\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed] R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.) S4 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [107040 2014-06-17] (EasyAntiCheat Ltd) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3885424 2011-01-19] (INCA Internet Co., Ltd.) 
[File not signed] S4 pcapsvc; C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [1852928 2012-02-10] (Proxy Labs) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2014-08-06] () R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software) R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-09] () R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies) S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.2\dbk64.sys [62752 2012-06-26] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-09] () S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-10-06] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 NPPTNT2; C:\windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-03-10] () [File not signed] S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed] S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.) 
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2010-10-07] (TuneUp Software)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\Hyrican\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 dump_wmimmc; \??\C:\gPotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 X6va003; \??\C:\Users\Hyrican\AppData\Local\Temp\00365D7.tmp [X]
S3 X6va005; \??\C:\Users\Hyrican\AppData\Local\Temp\0056ECB.tmp [X]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-13 19:15 - 2014-10-13 19:15 - 00614418 _____ () C:\Users\Hyrican\Desktop\nfs2se01.tga
2014-10-13 12:56 - 2014-10-13 12:56 - 01976320 _____ () C:\Users\Hyrican\Desktop\adwcleaner_4.000.exe
2014-10-12 23:18 - 2014-10-12 23:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-12 23:18 - 2014-10-12 23:18 - 00001986 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-12 23:18 - 2014-10-12 23:18 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Oracle
2014-10-12 23:17 - 2014-10-12 23:17 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-12 23:11 - 2014-10-12 23:10 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-10-12 23:11 - 2014-10-12 23:10 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-10-12 23:11 - 2014-10-12 23:10 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-10-12 23:11 - 2014-10-12 23:10 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-12 22:24 - 2014-10-12 22:24 - 00000000 _____ () C:\windows\SysWOW64\RENC8DD.tmp
2014-10-12 22:24 - 2014-10-12 22:24 - 00000000 _____ () C:\windows\SysWOW64\RENC8CD.tmp
2014-10-12 22:24 - 2014-10-12 22:24 - 00000000 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-10-12 21:12 - 2014-10-12 21:12 - 00854417 _____ () C:\Users\Hyrican\Desktop\SecurityCheck.exe
2014-10-12 21:11 - 2014-10-12 21:11 - 00006414 _____ () C:\Users\Hyrican\Desktop\eset.txt
2014-10-10 16:52 - 2014-10-10 16:52 - 00002516 _____ () C:\Users\Hyrican\Desktop\JRT.txt
2014-10-10 16:37 - 2014-10-10 16:37 - 00000000 ____D () C:\windows\ERUNT
2014-10-10 16:34 - 2014-10-10 16:35 - 01705755 _____ (Thisisu) C:\Users\Hyrican\Desktop\JRT.exe
2014-10-10 16:30 - 2014-10-10 16:30 - 00071945 _____ () C:\Users\Hyrican\Desktop\mbam.txt
2014-10-09 00:08 - 2014-10-09 00:08 - 00034192 _____ () C:\ComboFix.txt
2014-10-08 23:12 - 2014-10-09 00:08 - 00000000 ____D () C:\ComboFix
2014-10-08 19:40 - 2014-10-08 19:40 - 03237460 _____ () C:\Users\Hyrican\Desktop\AutoRuns.arn
2014-10-08 12:42 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-10-08 12:42 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-10-08 12:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-10-08 12:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-10-08 12:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-10-08 12:42 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-10-08 12:42 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-10-08 12:42 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-10-08 12:35 - 2014-10-09 00:08 - 00000000 ____D () C:\Qoobox
2014-10-08 12:34 - 2014-10-08 13:17 - 00000000 ____D () C:\windows\erdnt
2014-10-08 12:32 - 2014-10-08 12:33 - 05582481 ____R (Swearware) C:\Users\Hyrican\Desktop\ComboFix.exe
2014-10-08 11:32 - 2014-10-08 12:18 - 00057863 _____ () C:\Users\Hyrican\Desktop\Addition.txt
2014-10-08 11:26 - 2014-10-13 20:22 - 00024248 _____ () C:\Users\Hyrican\Desktop\FRST.txt
2014-10-08 11:25 - 2014-10-13 20:23 - 00000000 ____D () C:\FRST
2014-10-08 11:20 - 2014-10-12 21:58 - 02110464 _____ (Farbar) C:\Users\Hyrican\Desktop\FRST64.exe
2014-10-07 18:23 - 2014-10-07 18:23 - 00000180 _____ () C:\windows\system32\avgrep.txt
2014-10-07 17:56 - 2014-10-07 17:56 - 01140378 _____ () C:\Users\Hyrican\Desktop\cc_20141007_175632.reg
2014-10-07 17:52 - 2014-10-07 17:52 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-07 17:52 - 2014-10-07 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-07 15:18 - 2014-10-07 15:18 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-07 15:17 - 2014-10-07 15:17 - 00000000 ____D () C:\Users\Hyrican\Documents\Simply Super Software
2014-10-07 15:17 - 2014-10-07 15:17 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Simply Super Software
2014-10-07 15:16 - 2014-10-07 15:17 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-10-07 15:16 - 2014-10-07 15:16 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-10-07 15:16 - 2014-10-07 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-10-07 15:03 - 2014-10-07 15:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-07 14:48 - 2014-10-07 14:48 - 00001153 _____ () C:\Users\Hyrican\Desktop\CrystalDiskInfo.lnk
2014-10-07 14:48 - 2014-10-07 14:48 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-10-06 21:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-10-06 21:00 - 2014-10-13 13:05 - 00000000 ____D () C:\AdwCleaner
2014-10-05 17:04 - 2014-10-10 12:50 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 17:03 - 2014-10-05 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-05 17:02 - 2014-10-06 12:30 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-05 17:02 - 2014-10-05 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-05 17:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-04 14:50 - 2014-10-05 12:45 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-10-04 12:00 - 2014-10-04 12:07 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-10-01 16:04 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-01 16:04 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-26 20:54 - 2014-09-26 20:56 - 00000000 ____D () C:\Users\Hyrican\Desktop\BQuake2
2014-09-26 19:49 - 2014-09-26 19:49 - 00000000 ____D () C:\Quake2
2014-09-26 19:49 - 2014-09-26 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake II
2014-09-26 19:47 - 1997-08-26 12:06 - 00315904 _____ (InstallShield Software Corporation) C:\windows\IsUninst.exe
2014-09-26 19:45 - 2014-09-26 19:45 - 00000000 ____D () C:\Users\Hyrican\Desktop\Quake2
2014-09-25 18:31 - 2014-10-05 12:45 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-09-25 18:31 - 2014-09-25 18:31 - 00000899 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2014-09-25 18:31 - 2014-09-25 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2014-09-25 18:30 - 2014-09-25 18:31 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Guild Wars 2
2014-09-25 16:05 - 2014-09-25 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 21:18 - 2014-09-25 16:11 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\CSO
2014-09-24 15:26 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-24 15:26 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-21 13:10 - 2014-09-27 22:49 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\OBS
2014-09-21 13:10 - 2014-09-21 13:10 - 00000902 _____ () C:\Users\Hyrican\Desktop\Open Broadcaster Software.lnk
2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Program Files\OBS
2014-09-21 13:10 - 2014-09-21 13:10 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-09-20 23:30 - 2014-09-20 23:34 - 00000000 ____D () C:\Users\Hyrican\Desktop\mcserver2
2014-09-20 22:59 - 2014-09-27 21:10 - 00000000 ____D () C:\Users\Hyrican\Desktop\MCserver
2014-09-20 11:35 - 2014-09-26 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-09-20 10:15 - 2014-09-20 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-13 20:25 - 2014-05-12 15:20 - 00000956 _____ () C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000UA.job
2014-10-13 20:19 - 2011-04-19 11:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-13 20:17 - 2009-07-14 06:45 - 00023376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 20:17 - 2009-07-14 06:45 - 00023376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 20:16 - 2012-04-01 10:18 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 20:03 - 2012-01-27 17:00 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 20:02 - 2013-01-15 17:23 - 02498560 ___SH () C:\Users\Hyrican\Desktop\Thumbs.db
2014-10-13 20:01 - 2012-01-27 17:00 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 20:00 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-13 20:00 - 2009-07-14 06:51 - 00162083 _____ () C:\windows\setupact.log
2014-10-13 19:52 - 2011-01-18 11:46 - 02516958 _____ () C:\windows\PFRO.log
2014-10-13 19:47 - 2011-03-25 12:48 - 01135176 _____ () C:\windows\WindowsUpdate.log
2014-10-13 19:33 - 2012-08-26 12:10 - 00000000 ____D () C:\windows\system32\temp
2014-10-13 19:21 - 2014-08-06 11:24 - 00282296 _____ () C:\windows\SysWOW64\PnkBstrB.exe
2014-10-13 19:21 - 2011-12-08 19:18 - 00282296 _____ () C:\windows\SysWOW64\PnkBstrB.xtr
2014-10-13 19:21 - 2011-04-03 16:24 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Skype
2014-10-13 19:20 - 2011-07-03 14:10 - 00282296 _____ () C:\windows\SysWOW64\PnkBstrB.ex0
2014-10-13 18:12 - 2011-06-05 11:24 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-10-13 17:42 - 2011-09-21 21:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-13 17:19 - 2013-03-26 12:30 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Warframe
2014-10-13 15:25 - 2014-05-12 15:20 - 00000904 _____ () C:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-3411245652-3336226874-965968342-1000Core.job
2014-10-13 13:50 - 2013-08-14 12:34 - 00000000 ____D () C:\windows\system32\MRT
2014-10-13 13:39 - 2011-05-31 18:01 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\vlc
2014-10-13 12:45 - 2011-06-26 15:08 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\CrashDumps
2014-10-13 12:38 - 2013-06-29 17:22 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Apps\2.0
2014-10-13 11:56 - 2011-11-11 16:32 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Skyrim
2014-10-13 10:57 - 2011-01-18 10:13 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-12 23:16 - 2013-11-19 18:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-12 23:15 - 2011-04-20 00:51 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Adobe
2014-10-12 22:24 - 2011-04-06 21:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-09 18:35 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-08 23:57 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-10-08 14:36 - 2012-09-30 17:43 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\LogMeIn Hamachi
2014-10-08 13:05 - 2012-02-19 02:22 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-07 18:39 - 2014-08-20 11:33 - 00000000 ____D () C:\Users\Hyrican\Desktop\Gang Beasts
2014-10-06 16:01 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-10-05 17:03 - 2011-04-20 13:45 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Malwarebytes
2014-10-05 17:02 - 2011-04-20 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-05 17:02 - 2011-04-20 13:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-05 13:01 - 2012-03-24 12:17 - 00000000 ____D () C:\Users\Administrator
2014-10-05 12:47 - 2011-03-28 12:39 - 00000000 ____D () C:\Users\Hyrican
2014-10-05 12:45 - 2013-08-20 22:03 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\puush
2014-10-05 12:45 - 2011-11-09 21:30 - 00000000 ____D () C:\Users\Hyrican\AppData\Local\Akamai
2014-10-05 12:45 - 2011-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-05 12:45 - 2011-04-02 09:12 - 00000000 ____D () C:\ProgramData\Origin
2014-10-05 12:45 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-05 12:45 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-10-04 15:43 - 2012-11-03 00:08 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\Origin
2014-10-03 10:37 - 2014-06-09 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-10-03 10:37 - 2012-01-29 10:55 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-10-03 10:16 - 2012-08-02 21:07 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\.minecraft
2014-09-28 21:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-09-27 11:53 - 2011-01-18 09:26 - 00415771 _____ () C:\windows\DirectX.log
2014-09-27 10:24 - 2012-05-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 21:24 - 2011-04-13 07:00 - 00000000 ____D () C:\Temp
2014-09-24 21:16 - 2013-02-02 10:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-24 17:16 - 2012-04-01 10:18 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 17:16 - 2012-04-01 10:18 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 17:16 - 2011-05-16 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:42 - 2011-01-18 14:24 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-21 22:51 - 2014-02-23 21:46 - 00007591 _____ () C:\Users\Hyrican\AppData\Local\Resmon.ResmonCfg
2014-09-20 23:26 - 2014-08-17 10:49 - 00000000 ____D () C:\Users\Hyrican\Desktop\Bukkit-Bleeding-master
2014-09-20 10:15 - 2011-04-03 16:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-20 10:15 - 2011-04-03 16:24 - 00000000 ____D () C:\ProgramData\Skype
2014-09-19 22:02 - 2011-04-02 18:47 - 00000000 ____D () C:\Users\Hyrican\AppData\Roaming\SoftGrid Client
2014-09-19 19:49 - 2011-07-18 14:38 - 00000021 _____ () C:\windows\EC_List.txt.bak

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\winiml.dat

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 04:09

==================== End Of Log ============================

Last edited by DeadCorpse (13.10.2014 at 19:34) |
14.10.2014, 13:42 | #13 |
/// the machine /// TB Instructor |
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
14.10.2014, 21:41 | #14 |
| The program did not help; it is still as "fast" as before. I'm not familiar with this kind of thing, so I have no idea ;o Could it be that the virus has somehow lodged itself in RAM and is slowing down everything as a result? Even in computer games the loading times are very, very long. RAM usage is the same as always. Last edited by DeadCorpse (14.10.2014 at 21:47) |
15.10.2014, 18:34 | #15 |
/// the machine /// TB Instructor | There is no malware left on it. Try uninstalling AVG completely.
__________________ Regards, schrauber |