Pests of all kinds and how to fight them: Search Protect completely removed? (Windows 7)
22.10.2014, 09:02 | #1 |
| Search Protect completely removed?

Hello everyone! First of all, big praise to you and your work, especially because you sacrifice your free time for it!

Now to the problem: The day before yesterday I noticed that a new icon had settled into my taskbar at the bottom right: an orange-yellow arrow (or something similar). When I clicked on it, a small window opened and you could tick two options (something to do with Yahoo). After researching with Google, I found out that it must be "Search Protect"; that is also how I came across your site.

In the meantime (because of other similar posts) I have already run malware, avast and adwkiller over it. The icon is now gone too. Could one of you still help me check whether really EVERYTHING is gone?

Thanks in advance! Regards, Till |
22.10.2014, 09:40 | #2 |
/// the machine /// TB trainer | Search Protect completely removed?

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
22.10.2014, 10:35 | #3 |
| Search Protect completely removed?

FRST

FRST Logfile:
00000000 ____D () C:\Program Files\Spiele 2014-10-20 12:54 - 2013-08-20 18:02 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Local\Downloaded Installations 2014-10-19 13:09 - 2014-04-29 16:20 - 00000000 ____D () C:\Users\Tilmann Eller\Desktop\Umbau 2014 2014-10-19 13:04 - 2012-09-12 17:45 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Roaming\vlc 2014-10-19 12:51 - 2014-09-05 16:36 - 00000000 ____D () C:\Users\Tilmann Eller\Desktop\Bilder Sept 2014 2014-10-17 13:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-10-17 13:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 18:31 - 2009-07-14 06:33 - 00437120 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 18:29 - 2014-05-06 21:02 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 18:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-16 17:54 - 2013-08-16 03:04 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 17:51 - 2013-03-08 23:11 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-16 15:18 - 2013-08-18 18:29 - 00000000 ____D () C:\Users\Tilmann Eller\Desktop\Claudi 2014-10-13 16:45 - 2010-11-20 23:01 - 01648704 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-09 13:37 - 2013-05-02 19:15 - 00000093 _____ () C:\Users\Tilmann Eller\AppData\default.pls 2014-10-08 16:59 - 2012-09-05 18:33 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Roaming\Macromedia 2014-10-08 16:59 - 2012-09-05 18:32 - 00000000 ____D () C:\Windows\system32\Macromed 2014-10-02 15:53 - 2012-09-05 18:29 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-27 12:09 - 2013-08-22 17:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-24 18:01 - 2012-09-05 18:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-24 18:01 - 2012-09-05 18:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 
Some content of TEMP: ==================== C:\Users\Tilmann Eller\AppData\Local\Temp\4ij0rfce.dll C:\Users\Tilmann Eller\AppData\Local\Temp\danz11et.dll C:\Users\Tilmann Eller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkg6pi2.dll C:\Users\Tilmann Eller\AppData\Local\Temp\kifehtb7.dll C:\Users\Tilmann Eller\AppData\Local\Temp\Quarantine.exe C:\Users\Tilmann Eller\AppData\Local\Temp\sqlite3.dll C:\Users\Tilmann Eller\AppData\Local\Temp\uninst1.exe C:\Users\Tilmann Eller\AppData\Local\Temp\vuue3jxs.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 15:36 ==================== End Of Log ============================ --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2014 Ran by Tilmann Eller at 2014-10-22 11:30:04 Running from C:\Users\Tilmann Eller\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM\...\{A7DB362E-16DC-4E29-8A34-E74381E00B5B}) (Version: 10.1.4.020 - Adobe Systems, Inc.) Anno 1701 (HKLM\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) avast! 
Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Belkin USB Wireless Adaptor (HKLM\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.10 - Belkin) Belkin USB Wireless Adaptor (Version: 1.0.0.10 - Belkin) Hidden Der Herr der Ringe Online v03.03.05.8039 (HKLM\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.03.05.8039 - Turbine, Inc.) Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts) Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) Die Sims™ 3 Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts) Die Sims™ 3 Stadt-Accessoires (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Duden Vorlagensammlung (HKLM\...\Duden Vorlagensammlung) (Version: - Bibliographisches Institut GmbH) Epson Easy Photo Print 2 (HKLM\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX420W Series Handbuch (HKLM\...\EPSON SX420W Series Manual) (Version: - ) EPSON SX420W Series Netzwerk-Handbuch (HKLM\...\EPSON SX420W Series Network Guide) (Version: - ) EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO 
EPSON CORPORATION) EpsonNet Setup 3.2 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION) Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) FUSSBALL MANAGER 13 (HKLM\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION Hamster Free Video Converter (HKLM\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.2.33 - Hamster Soft) Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Kies Air Discovery Service (HKCU\...\Kies Air Discovery Service) (Version: - Samsung) Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve) M.U.D. 
TV (HKLM\...\{0BA08A7A-A883-44BA-B474-68A7530FB8EF}) (Version: 1.0.6.0 - Realmforge Studios GmbH) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 8 (HKLM\...\{BE282C23-5484-47FF-B2C1-EBEA5C891031}) (Version: 8.3.29 - Nero AG) neroxml (Version: 1.0.0 - Nero AG) Hidden NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Origin (HKLM\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.) PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version: - ) Portal 2 (HKLM\...\Steam App 620) (Version: - Valve) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) Winmail Opener 1.4 (HKLM\...\Winmail Opener) (Version: 1.4 - Eolsoft) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 20-10-2014 15:49:03 Removed Microsoft Games for Windows - LIVE 20-10-2014 16:50:33 Removed Microsoft Games for Windows - LIVE Redistributable 21-10-2014 08:51:58 Windows Update 21-10-2014 11:34:39 DirectX wurde installiert 21-10-2014 14:09:04 DirectX wurde installiert 21-10-2014 15:54:09 Entfernt Batman: Arkham Asylum Game of the Year Edition 22-10-2014 06:57:33 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {236E5FBD-D5C0-427D-B9AC-3543DE7693E6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {301EE496-FACA-4A1D-8ECA-94ECAA418701} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {3C523288-4781-4766-A91C-E39764267194} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.) Task: {6DAAAA56-54B8-4D73-AA8D-BE0A8B873D1D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {A374CA46-E6D4-411C-9289-E86FA7B86C6F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-22] (AVAST Software) Task: {C20F3244-3257-491D-AAD9-7AC872548B53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.) Task: {C3764BF0-619C-4F78-95B3-294E901EEFDF} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29] () Task: {D9C3E804-416F-4896-B240-7806B950D4C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-22 08:58 - 2014-10-22 08:58 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-10-22 09:16 - 2014-10-22 09:16 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102200\algo.dll 2012-10-21 17:12 - 2007-05-22 10:59 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll 2014-10-22 08:58 - 2014-10-22 08:58 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-10-17 13:10 - 2014-10-17 13:10 - 00184832 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\8efeedc04e0b39945c85acaec7d991de\Kies.Common.DeviceServiceLib.Interface.ni.dll 2014-10-17 13:11 - 2014-10-17 13:11 - 17280000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\5420374c1c1512f5da0d7db7f63f6b6d\Kies.Theme.ni.dll 2014-10-17 13:10 - 2014-10-17 13:10 - 01795072 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\443a64ac0c6e35fd958a51f972a9463f\Kies.UI.ni.dll 2014-10-17 13:10 - 2014-10-17 13:10 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\186c672b9e554bd4f43cfacd00bd7eda\Kies.MVVM.ni.dll 2014-10-17 13:10 - 2014-10-17 13:10 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll 2014-10-22 09:34 - 2014-10-22 09:34 - 00043008 _____ () c:\Users\Tilmann Eller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkg6pi2.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\libcef.dll 2014-09-25 04:59 - 2014-09-25 
04:59 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-08-21 10:15 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files\Steam\libavcodec-56.dll 2014-08-21 10:15 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files\Steam\libavutil-54.dll 2014-08-21 10:15 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll 2014-09-03 11:28 - 2014-09-03 21:28 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll 2014-09-22 20:32 - 2014-09-23 06:32 - 02226880 _____ () C:\Program Files\Steam\video.dll 2014-08-21 10:15 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files\Steam\libavformat-56.dll 2014-08-21 10:15 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll 2014-09-22 20:32 - 2014-09-23 06:32 - 00679616 _____ () C:\Program Files\Steam\bin\chromehtml.DLL 2014-09-04 15:29 - 2014-09-05 01:29 - 34589376 _____ () C:\Program Files\Steam\bin\libcef.dll 2014-09-10 21:02 - 2014-09-10 21:02 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-520989056-2089718371-1745703678-500 - Administrator - Disabled) ASPNET (S-1-5-21-520989056-2089718371-1745703678-1002 - Limited - Enabled) Gast (S-1-5-21-520989056-2089718371-1745703678-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-520989056-2089718371-1745703678-1004 - Limited - Enabled) Tilmann Eller (S-1-5-21-520989056-2089718371-1745703678-1000 - Administrator - Enabled) => C:\Users\Tilmann Eller ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/22/2014 10:45:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. Error: (10/22/2014 09:45:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. Error: (10/22/2014 09:34:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/22/2014 09:06:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/22/2014 08:58:29 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm instup.exe, Version 9.0.2021.515 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 41c Startzeit: 01cfedc537178c3e Endzeit: 60000 Anwendungspfad: C:\Users\TILMAN~1\AppData\Local\Temp\_av_iup.tm~a00552\instup.exe Berichts-ID: 98d86e0d-59b8-11e4-a5b0-001731700d55 Error: (10/22/2014 08:57:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary seskkibz. System Error: Das System kann die angegebene Datei nicht finden. . Error: (10/22/2014 08:57:30 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {8cc72639-de24-4bc9-86cc-5ee698a714bc} Error: (10/22/2014 08:45:06 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. Error: (10/22/2014 08:39:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/21/2014 10:45:07 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. System errors: ============= Error: (10/22/2014 09:34:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. 
Error: (10/20/2014 03:43:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/20/2014 03:43:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (10/20/2014 01:39:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/20/2014 01:39:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (10/16/2014 06:34:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 (KB2952664) Error: (10/11/2014 03:08:13 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (10/04/2014 09:43:27 AM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (09/21/2014 03:48:02 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (09/21/2014 03:48:01 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Microsoft Office Sessions: ========================= Error: (07/13/2014 01:34:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. 
This session lasted 304 seconds with 180 seconds of active time. This session ended with a crash. Error: (06/29/2014 00:02:07 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24813 seconds with 1860 seconds of active time. This session ended with a crash. Error: (02/22/2014 00:48:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2124 seconds with 1200 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ Percentage of memory in use: 49% Total physical RAM: 2046.55 MB Available physical RAM: 1042.75 MB Total Pagefile: 4093.11 MB Available Pagefile: 2756 MB Total Virtual: 2175.88 MB Available Virtual: 2018.93 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.04 GB) (Free:11.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: F399F399) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
22.10.2014, 19:13 | #4 |
/// the machine /// TB-Ausbilder | Search Protect completely removed? Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
The rest looks good.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
23.10.2014, 10:46 | #5 |
| Search Protect completely removed? I installed the program... but there is no Google Update Helper in it. |
24.10.2014, 07:39 | #6 |
/// the machine /// TB-Ausbilder | Search Protect completely removed? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Now you should see it. |
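The selection made by eye in post #6, as an added example that is not part of the thread or of FRST: this Python parses the "Installed Programs" section of an Addition log, returns the `Hidden <==== ATTENTION` lines verbatim for Fixlist.txt, and lists the other hidden entries for manual review. The sample text is constructed from entries in the log posted above; the function names and the brand-word list are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: entries copied from the "Installed Programs" section of
# the Addition log posted above, one entry per line.
SAMPLE_LOG = r"""==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
"""

# name [ (uninstall key) ] (Version: x - publisher) [ Hidden] [ <==== ATTENTION]
ENTRY_RE = re.compile(
    r"^(?P<name>.+?)"
    r"(?: \((?P<key>HK.*?)\))?"
    r" \(Version:\s*(?P<version>.*?)\s*-\s(?P<publisher>.*?)\)"
    r"(?P<hidden> Hidden)?(?P<attention> <==== ATTENTION)?\s*$"
)

# Assumption: a small illustrative list of vendor names that adware likes to
# borrow for product names. Not something FRST itself uses.
BRAND_WORDS = ("google", "microsoft", "adobe", "apple", "mozilla")


class Entry(NamedTuple):
    line: str                     # the log line exactly as written
    name: str
    uninstall_key: Optional[str]  # None when no uninstall key is listed
    version: str
    publisher: str
    hidden: bool                  # not shown in the normal uninstall list
    attention: bool               # flagged by FRST with "<==== ATTENTION"


def installed_programs(log: str) -> List[Entry]:
    """Parse only the entries between the Installed Programs header and the next header."""
    entries, in_section = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("===================="):
            in_section = "Installed Programs" in line
            continue
        # Skip blank lines and FRST's parenthesised explanatory notes.
        if not in_section or not line or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(line, m["name"], m["key"], m["version"],
                                 m["publisher"], bool(m["hidden"]),
                                 bool(m["attention"])))
    return entries


def fixlist_lines(entries: List[Entry]) -> List[str]:
    """Hidden entries flagged by FRST, verbatim, as they go into Fixlist.txt."""
    return [e.line for e in entries if e.hidden and e.attention]


def hidden_unflagged(entries: List[Entry]) -> List[str]:
    """Hidden but not flagged: usually helper components, worth a manual look."""
    return [e.name for e in entries if e.hidden and not e.attention]


def brand_mismatch(entries: List[Entry]) -> List[str]:
    """Product name starts with a known brand the publisher field does not carry."""
    out = []
    for e in entries:
        first = e.name.split()[0].lower()
        if e.publisher and first in BRAND_WORDS and first not in e.publisher.lower():
            out.append(e.name)
    return out


if __name__ == "__main__":
    progs = installed_programs(SAMPLE_LOG)
    print("Fixlist.txt candidates:", *fixlist_lines(progs), sep="\n  ")
    print("Hidden, not flagged:", hidden_unflagged(progs))
    print("Brand/publisher mismatch:", brand_mismatch(progs))
```

As the log's own note says, the fixlist only unhides such an entry; the program still has to be uninstalled manually afterwards.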
24.10.2014, 09:16 | #7 |
| Search Protect completely removed? Aha! There it is! You sly fox! OK, I've done everything as you said so far. Is that it? |
24.10.2014, 18:11 | #8 |
/// the machine /// TB-Ausbilder | Search Protect completely removed? Yep. |
28.10.2014, 11:44 | #9 |
| Search Protect completely removed? Great, thank you! |
29.10.2014, 08:11 | #10 |
/// the machine /// TB-Ausbilder | Search Protect completely removed? You're welcome. |