Pests of all kinds and how to fight them: Problem with every browser (Windows 7). If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
30.10.2014, 19:51 | #1 |
| Problem with every browser Hello, at first I had Google Chrome and it worked great!! But after a week an excessive number of ads appeared, and with every click in a search field I ended up on a different page, and I also noticed that my browser became extremely slow.... So I switched to Firefox and everything ran great until, after a few weeks, the same problem occurred... I also installed various kinds of ad blockers but it did not help... Then I switched to Opera and it was also the fastest browser I had... but after a few weeks it started again with all this junk... Please help quickly... thanks !!!!! |
30.10.2014, 20:40 | #2 |
/// the machine /// TB trainer | Problem with every browser hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
31.10.2014, 12:30 | #3 |
| Problem with every browser Addition tool: FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01 Ran by waldemar at 2014-10-31 12:29:04 Running from C:\Users\waldemar\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adanak (HKLM\...\Adanak) (Version: 2014.10.27.102721 - Adanak) <==== ATTENTION Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader 6.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) BlockAndSurf (HKLM-x32\...\B4CDA78A-F867-A0F4-217F-BFC0EB40850C) (Version: - BlockAndSurf-software) <==== ATTENTION Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version: - astragon) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version: - Forward Development) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CouponARific (HKLM\...\CouponARific) (Version: - CouponARific) <==== ATTENTION CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.2.0.0 - Ubisoft) Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.2.5 - SCS Software) Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Free YouTube Download version 3.2.44.908 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.908 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.) 
Garrys Mod version 14.04.19 (HKLM\...\{C8F834F5-46EA-4933-8AA9-F6CD7D29EED0}_is1) (Version: 14.04.19 - Strogino CS Portal) Genesis (HKCU\...\genesis_10262239) (Version: - ) <==== ATTENTION Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard) HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT) iFunbox (v2.9.2421.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.9.2421.748 - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Minecraft1.6.2 (HKLM-x32\...\Minecraft1.6.2) (Version: - ) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.0.0.0 - Electronic Arts) Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - ) Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - ) Nero 12 (HKLM-x32\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG) NextCoup (HKLM-x32\...\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}) (Version: 2.1.0.1693 - ) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Opera Stable 25.0.1614.68 
(HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games) Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games) RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari) SkypEmoticons (HKLM-x32\...\SkypEmoticons_is1) (Version: - ) <==== ATTENTION Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Strike Vector (HKLM-x32\...\Steam App 246700) (Version: - Ragequit Corporation) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) WindowsMangerProtect20.0.0.1013 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) WinSCP 5.6.2 beta (HKLM-x32\...\winscp3_is1) (Version: 5.6.2 beta - Martin Prikryl) YoutubeAdBlocke (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 2.3.0.1512 - ) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 07-10-2014 19:48:19 Geplanter Prüfpunkt 15-10-2014 05:32:02 Windows Update 17-10-2014 15:49:10 DirectX wurde installiert 23-10-2014 17:56:47 Installed iTunes 26-10-2014 23:16:46 Camtasia Studio 8 wird entfernt 30-10-2014 19:13:19 paint.net v4.0.3 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1AA262D6-F1B9-4682-AD1E-71947440113F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {249BD0B8-E049-491E-AF39-C894DCA1A0FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {26348C20-1E4F-4E0C-9D8C-EC68071662F5} - System32\Tasks\Opera scheduled Autoupdate 1412793520 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2D30715C-8733-4677-951E-B3DF91081D60} - System32\Tasks\ASP => C:\Program Files (x86)\System Speedup\SystweakASP.exe Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3AFACFC6-3CFD-4A9B-817A-FC48ABE9FF48} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => 
C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3F627D27-AE01-401D-8968-75998CBAFBD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {553C4F61-C277-469C-947A-9D7FE38AD83F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {5BACBFDB-8716-4F0B-82B3-2BF6DDFC8FCD} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {8E46FC74-3BCC-4853-BECC-059D1B85EF23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: {94D23C85-5208-4674-BF10-DE018666DC06} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-16] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B165B9D3-5ED9-4EB9-8C7F-A299AE9FDABE} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D41AF43A-3D21-4AB8-831B-D1E022CDEFA0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {D7B3370D-B10F-4275-95F1-B03BC38A20C6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E2562A04-6A23-4BC3-88B5-2898FFA664B1} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2014-10-26] (LuckyTab) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F805A2F4-CD41-40C9-A61B-2FDDD2CFCC53} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver2BlockAndSurf\i9BlockAndSurfz18.exe [2014-10-26] () <==== ATTENTION Task: C:\WINDOWS\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver2BlockAndSurf\i9BlockAndSurfz18.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules 
(whitelisted) ============= 2014-09-29 21:13 - 2014-09-29 21:13 - 00172544 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe 2014-09-29 21:13 - 2014-09-29 21:13 - 00110080 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\nfapi.dll 2014-09-29 21:13 - 2014-09-29 21:13 - 00456192 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ProtocolFilters.dll 2014-09-29 16:45 - 2014-09-29 16:45 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-10-27 23:07 - 2014-10-31 00:11 - 00123672 _____ () C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87\maintainer.exe 2014-10-20 17:26 - 2014-10-26 23:39 - 00104928 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll 2014-10-26 23:39 - 2014-10-26 23:39 - 00121856 _____ () C:\Program Files (x86)\ver2BlockAndSurf\BlockAndSurf.exe 2014-10-20 17:26 - 2014-10-26 23:39 - 00732128 _____ () C:\Program Files (x86)\SupTab\HpUI.exe 2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe 2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe 2014-10-26 23:39 - 2014-10-26 23:39 - 03112960 _____ () C:\Users\waldemar\AppData\Local\Genesis_10262239\Genesis_10262239.exe 2014-10-26 23:39 - 2014-10-26 23:39 - 00556544 _____ () C:\Program Files (x86)\ver2BlockAndSurf\i9BlockAndSurfz18.exe 2014-10-27 11:33 - 2014-10-31 09:55 - 00523032 _____ () C:\Program Files (x86)\Adanak\updateAdanak.exe 2014-10-28 14:56 - 2014-10-31 09:58 - 00523032 _____ () C:\Program Files (x86)\Adanak\bin\utilAdanak.exe 2014-10-28 14:57 - 2014-10-31 04:38 - 00098584 _____ () C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe 2014-10-28 14:57 - 2014-10-31 04:38 - 00114968 _____ () C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter64.exe 2014-10-28 14:57 - 2014-10-30 20:38 - 00352536 _____ () C:\Program Files (x86)\Adanak\bin\Adanak.PurBrowse64.exe 2014-10-28 14:57 - 2014-10-30 08:40 - 01649944 
_____ () C:\Program Files (x86)\Adanak\bin\Adanak.BOASHelper.exe 2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-20 17:26 - 2014-10-26 23:39 - 00022496 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll 2014-10-30 20:42 - 2014-10-30 20:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-01-22 10:18 - 2012-06-08 04:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-06-26 06:24 - 2014-06-26 06:24 - 00612664 _____ () C:\Program Files (x86)\ver2BlockAndSurf\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\waldemar\OneDrive:ms-properties AlternateDataStreams: C:\Users\waldemar\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: globalUpdate => 2 MSCONFIG\Services: globalUpdatem => 3 MSCONFIG\Services: GlobalUpdater => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HP Support Assistant Service => 2 MSCONFIG\Services: HPConnectedRemote => 2 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2 MSCONFIG\Services: Intel(R) ME Service => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SProtection => 2 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: UNS => 2 MSCONFIG\Services: WindowsMangerProtect => 2 HKLM\...\StartupApproved\StartupFolder: => "1.bat" HKLM\...\StartupApproved\StartupFolder: => "2.bat" HKLM\...\StartupApproved\StartupFolder: => "3.bat" HKLM\...\StartupApproved\StartupFolder: => "4.bat" HKLM\...\StartupApproved\StartupFolder: => "5.bat" HKLM\...\StartupApproved\StartupFolder: => "6.bat" HKLM\...\StartupApproved\StartupFolder: => "7.bat" HKLM\...\StartupApproved\StartupFolder: => "8.bat" HKLM\...\StartupApproved\StartupFolder: => "9.bat" HKLM\...\StartupApproved\StartupFolder: => "zombiddos.vbs" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKCU\...\StartupApproved\Run: => "RGSC" HKCU\...\StartupApproved\Run: => "Cracked Steam Service" HKCU\...\StartupApproved\Run: => "Skype" ========================= Accounts: ========================== Administrator (S-1-5-21-930745963-3632866088-1184878944-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-930745963-3632866088-1184878944-501 - Limited - Disabled) UpdatusUser (S-1-5-21-930745963-3632866088-1184878944-1004 - Limited - Enabled) => C:\Users\UpdatusUser waldemar (S-1-5-21-930745963-3632866088-1184878944-1001 - Administrator - Enabled) => C:\Users\waldemar 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/31/2014 00:39:48 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/30/2014 08:13:19 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0d5bd19b-1e81-4c12-88af-d20e28eaf736} Error: (10/30/2014 09:41:53 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/30/2014 09:39:42 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (10/29/2014 08:35:38 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm opera.exe, Version 25.0.1614.63 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 790 Startzeit: 01cff3359c218cda Endzeit: 116 Anwendungspfad: C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe Berichts-ID: 1483006e-5f3e-11e4-bea4-10604b7219c9 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/29/2014 06:07:22 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/28/2014 05:20:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/28/2014 05:17:53 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (10/28/2014 02:39:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/28/2014 10:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera.exe, Version: 25.0.1614.63, Zeitstempel: 0x544849d8
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17031, Zeitstempel: 0x53086d7c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00016d61
ID des fehlerhaften Prozesses: 0x1508
Startzeit der fehlerhaften Anwendung: 0xopera.exe0
Pfad der fehlerhaften Anwendung: opera.exe1
Pfad des fehlerhaften Moduls: opera.exe2
Berichtskennung: opera.exe3
Vollständiger Name des fehlerhaften Pakets: opera.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: opera.exe5

System errors:
=============
Error: (10/31/2014 01:15:45 AM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/30/2014 10:51:32 PM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/30/2014 10:37:29 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/30/2014 10:30:31 PM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/30/2014 10:07:37 PM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/30/2014 09:42:36 PM) (Source: DCOM) (EventID: 10016) (User: MILLER)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MillerwaldemarS-1-5-21-930745963-3632866088-1184878944-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/30/2014 05:28:05 PM) (Source: DCOM) (EventID: 10010) (User: MILLER)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/30/2014 05:28:05 PM) (Source: DCOM) (EventID: 10010) (User: MILLER)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/30/2014 02:37:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/30/2014 11:52:05 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Microsoft Office Sessions:
=========================
Error: (10/31/2014 00:39:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (10/30/2014 08:13:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0d5bd19b-1e81-4c12-88af-d20e28eaf736}

Error: (10/30/2014 09:41:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (10/30/2014 09:39:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (10/29/2014 08:35:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe25.0.1614.6379001cff3359c218cda116C:\Program Files (x86)\Opera\25.0.1614.63\opera.exe1483006e-5f3e-11e4-bea4-10604b7219c9

Error: (10/29/2014 06:07:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (10/28/2014 05:20:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (10/28/2014 05:17:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (10/28/2014 02:39:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (10/28/2014 10:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera.exe25.0.1614.63544849d8combase.dll6.3.9600.1703153086d7cc000000500016d61150801cff293d93ad9bfC:\Program Files (x86)\Opera\25.0.1614.63\opera.exeC:\WINDOWS\SYSTEM32\combase.dll7c8a036a-5e87-11e4-bea3-10604b7219c9

CodeIntegrity Errors:
===================================
Date: 2014-10-18 00:22:53.972
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-18 00:22:53.904
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-11 09:44:07.658
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-11 09:44:07.597
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-14 14:46:18.317
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\WWAHost.exe) attempted to load \Device\HarddiskVolume4\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Launch.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 19%
Total physical RAM: 12243.37 MB
Available physical RAM: 9893.21 MB
Total Pagefile: 13459.37 MB
Available Pagefile: 10512.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.61 GB) (Free:600.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.64 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (EFLC_DISC1) (CDROM) (Total:7.72 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8DAF223A)
Partition: GPT Partition Type.

==================== End Of Log ============================

FRST txt.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by waldemar (administrator) on MILLER on 31-10-2014 12:28:29
Running from C:\Users\waldemar\Downloads
Loaded Profile: waldemar (Available profiles: waldemar & UpdatusUser & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87\maintainer.exe
(LuckyTab) C:\Program Files (x86)\LuckyTab\LuckyTab.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
() C:\Program Files (x86)\ver2BlockAndSurf\BlockAndSurf.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Users\waldemar\AppData\Local\Genesis_10262239\Genesis_10262239.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\ver2BlockAndSurf\i9BlockAndSurfz18.exe
() C:\Program Files (x86)\Adanak\updateAdanak.exe
() C:\Program Files (x86)\Adanak\bin\utilAdanak.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter64.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.PurBrowse64.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.BOASHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-25] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-25] (IDT, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [se] => C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe /minimized
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [genesis_10262239] => c:\users\waldemar\appdata\local\genesis_10262239\genesis_10262239.exe [3112960 2014-10-26] ()
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [Price-Horse] => C:\Users\waldemar\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\MountPoints2: {f487ac12-93c5-11e2-be6e-806e6f6e6963} - "E:\Autorun.exe"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\3.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\5.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\6.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\7.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\8.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\9.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\zombiddos.vbs ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=127.0.0.1:56472;https=127.0.0.1:56472
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Suche
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = webssearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe webssearches
SearchScopes: HKLM - {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20476&r=2014/10/17&hid=10824950958811862670&lg=EN&cc=DE&unqvl=64
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20476&r=2014/10/17&hid=10824950958811862670&lg=EN&cc=DE&unqvl=64
SearchScopes: HKLM-x32 - {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M6501E07C-5D16-4F04-B9EB-7AAB54B94A7F&SearchSource=58&CUI=&UM=6&UP=SP577CB438-5C21-4F17-9DB6-606F921BBF3E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M6501E07C-5D16-4F04-B9EB-7AAB54B94A7F&SearchSource=58&CUI=&UM=6&UP=SP577CB438-5C21-4F17-9DB6-606F921BBF3E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414363158&from=exp&uid=ST1000DM003-9YN162_S1D7CZ8B&q={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20476&r=2014/10/17&hid=10824950958811862670&lg=EN&cc=DE&unqvl=64
SearchScopes: HKCU - {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: BlockAndSurf -> {06E9A9E4-47D3-60DC-6D4D-71BD0D09B51D} -> C:\Program Files (x86)\ver2BlockAndSurf\181_x64.dll ()
BHO: No Name -> {11111111-1111-1111-1111-110611321185} -> No File
BHO: YoutubeAdBloCke -> {586d46e7-74c3-4eea-aa6b-067c00593774} -> C:\Program Files (x86)\YoutubeAdBloCke\ZxKKaD0h2HToOd.x64.dll ()
BHO: YoutubeAdBlocke -> {a7e602b2-c596-4ded-94df-5f51dec7cc2e} -> C:\Program Files (x86)\YoutubeAdBlocke\tnE7TlVZruGeTo.x64.dll ()
BHO: NextCoup -> {d37f98db-a4ba-4a88-ad72-a4b8ff332aec} -> C:\Program Files (x86)\NextCoup\FlFP2RATMVU7W1.x64.dll ()
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: BlockAndSurf -> {06E9A9E4-47D3-60DC-6D4D-71BD0D09B51D} -> C:\Program Files (x86)\ver2BlockAndSurf\181.dll ()
BHO-x32: No Name -> {11111111-1111-1111-1111-110611321185} -> No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: YoutubeAdBlocke -> {a7e602b2-c596-4ded-94df-5f51dec7cc2e} -> C:\Program Files (x86)\YoutubeAdBlocke\tnE7TlVZruGeTo.dll ()
BHO-x32: NextCoup -> {d37f98db-a4ba-4a88-ad72-a4b8ff332aec} -> C:\Program Files (x86)\NextCoup\FlFP2RATMVU7W1.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adanak -> {ef05f09c-9b2a-43a0-8155-fab1d641215a} -> C:\Program Files (x86)\Adanak\Adanakbho.dll (Adanak)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62

FireFox:
========
FF ProfilePath: C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469
FF NewTab:
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NextCoup - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\G@VuX1P.org [2014-10-28]
FF Extension: Adanak - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{21769883-19ae-4dd9-b522-3613333c3df7}.xpi [2014-10-28]
FF Extension: Adblock Plus - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-30]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\d8tsnf1e.default\extensions\faststartff@gmail.com
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKCU\...\Firefox\Extensions: [{ED484659-965B-CCC8-527A-D9DE27A689A1}] - C:\Program Files (x86)\ver2BlockAndSurf\181.xpi
FF Extension: No Name - C:\Program Files (x86)\ver2BlockAndSurf\181.xpi [2014-10-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR RestoreOnStartup: Default -> "hxxp://start.iminent.com/?appId=9BEC116D-D7AE-4914-8F57-C0D412DF5744"
CHR Profile: C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (NextCoup) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei [2014-10-28]
CHR Extension: (HD for YouTube™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-09-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-09-29]
CHR Extension: (Skill Games) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\caibojmomcndolfkdcehpbbflooebmeg [2014-09-29]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-09-29]
CHR Extension: (Tumblr Collage) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfgcipfpihnkblbbemdagfdhjjeilli [2014-10-27]
CHR Extension: (Farbwechsel für Google ™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2014-09-29]
CHR Extension: (Red Ball) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjalmjfkbijjjomllohadmkfkhgonop [2014-09-29]
CHR Extension: (BlockAndSurf) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifijaoidhdgkojflgknkjhfiflkcfkpi [2014-10-26]
CHR Extension: (HQVP-3.5V21.09) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia [2014-09-28]
CHR Extension: (OptOn) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iocpknlaljmgfaafmhngmakmnilckkdc [2014-10-17]
CHR Extension: (Adblock Super) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-09-29]
CHR Extension: (GoSave) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl [2014-10-17]
CHR Extension: (SndLatr Beta for Gmail) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfddgbpdnaeliohhkbdbcmenpnkepkgn [2014-10-24]
CHR Extension: (Google Wallet) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Facebook Themes (Facebook Style Gallery) App) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfegjlnijpeedheifelomiocbagekj [2014-09-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 CouponArificService64; C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe [172544 2014-09-29] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-10-26] (Cherished Technololgy LIMITED)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-09-10] (Microsoft Corporation)
R2 MaintainerSvc3.19.691608; C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87\maintainer.exe [123672 2014-10-31] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-09-10] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-09-29] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-25] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Update Adanak; C:\Program Files (x86)\Adanak\updateAdanak.exe [523032 2014-10-31] ()
R2 Util Adanak; C:\Program Files (x86)\Adanak\bin\utilAdanak.exe [523032 2014-10-31] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-10] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [488960 2014-10-26] (Fuyu LIMITED) [File not signed]
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-10-14] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-09-29] (NetFilterSDK.com)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-10] (Microsoft Corporation)
R2 webinstrNew; C:\WINDOWS\system32\Drivers\webinstrNew.sys [58040 2014-10-26] (Corsica)
R1 {21769883-19ae-4dd9-b522-3613333c3df7}Gw64; C:\Windows\System32\drivers\{21769883-19ae-4dd9-b522-3613333c3df7}Gw64.sys [48824 2014-10-28] (StdLib)
R1 {b20d1921-9bc2-4560-913a-b040b4111d1f}Gw64; C:\Windows\System32\drivers\{b20d1921-9bc2-4560-913a-b040b4111d1f}Gw64.sys [48824 2014-10-28] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-31 12:27 - 2014-10-31 12:28 - 00036756 _____ () C:\Users\waldemar\Downloads\Addition.txt
2014-10-31 12:26 - 2014-10-31 12:28 - 00025377 _____ () C:\Users\waldemar\Downloads\FRST.txt
2014-10-31 12:26 - 2014-10-31 12:28 - 00000000 ____D () C:\FRST
2014-10-31 12:26 - 2014-10-31 12:26 - 02113536 _____ (Farbar) C:\Users\waldemar\Downloads\FRST64.exe
2014-10-30 20:42 - 2014-10-30 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-30 20:13 - 2014-10-30 20:16 - 00000000 ____D () C:\Users\waldemar\AppData\Local\paint.net
2014-10-30 20:13 - 2014-10-30 20:13 - 00001314 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-10-30 20:13 - 2014-10-30 20:13 - 00001302 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-10-30 20:13 - 2014-10-30 20:13 - 00000000 ____D () C:\Program Files\paint.net
2014-10-30 20:12 - 2014-10-30 20:12 - 06272852 _____ () C:\Users\waldemar\Desktop\paint.net.4.0.3.install.zip
2014-10-30 20:12 - 2014-10-30 20:12 - 00000000 ____D () C:\Users\waldemar\Desktop\paint.net.4.0.3.install
2014-10-30 20:11 - 2014-10-30 20:11 - 01125200 _____ () C:\Users\waldemar\Downloads\Paint NET - CHIP-Installer.exe
2014-10-30 19:29 - 2014-10-30 19:29 - 00002175 _____ () C:\Users\waldemar\Desktop\TrackMania Nations Forever - CHIP Downloader.lnk
2014-10-30 19:28 - 2014-10-30 19:28 - 01125200 _____ () C:\Users\waldemar\Downloads\TrackMania Nations Forever - CHIP-Installer.exe
2014-10-29 06:01 - 2014-10-28 21:43 - 00048824 _____ (StdLib) C:\WINDOWS\system32\Drivers\{b20d1921-9bc2-4560-913a-b040b4111d1f}Gw64.sys
2014-10-28 23:06 - 2014-10-28 23:06 - 00000600 _____ () C:\Users\waldemar\AppData\Roaming\winscp.rnd
2014-10-28 22:51 - 2014-10-28 22:51 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2014-10-28 22:51 - 2014-10-28 22:51 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2014-10-28 22:45 - 2014-10-28 22:51 - 00000000 ____D () C:\Users\waldemar\Desktop\IOS 8 JB
2014-10-28 15:27 - 2014-10-31 00:11 - 00000000 ____D () C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87
2014-10-28 14:57 - 2014-10-28 00:50 - 00048824 _____ (StdLib) C:\WINDOWS\system32\Drivers\{21769883-19ae-4dd9-b522-3613333c3df7}Gw64.sys
2014-10-28 14:52 - 2014-10-28 14:52 - 03940352 _____ () C:\WINDOWS\SysWOW64\setup.exe
2014-10-28 14:52 - 2014-10-28 14:52 - 00000000 ____D () C:\ProgramData\NextCoup
2014-10-28 14:52 - 2014-10-28 14:52 - 00000000 ____D () C:\Program Files (x86)\NextCoup
2014-10-28 14:48 - 2014-10-28 14:48 - 00000000 ____D () C:\Program Files (x86)\SaveNewaAppzo
2014-10-28 14:46 - 2014-10-28 14:46 - 00003158 _____ () C:\WINDOWS\System32\Tasks\{9E631260-DC19-4D51-A6E1-4D7D8D3B67F1}
2014-10-28 01:23 - 2014-10-28 01:23 - 00365920 _____ () C:\Users\waldemar\Downloads\Setup.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-27 21:31 - 2014-10-27 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-27 21:29 - 2014-10-27 21:29 - 00004028 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2014-10-27 21:29 - 2014-10-27 21:29 - 00000000 ____D () C:\Users\waldemar\AppData\Local\pricehorse
2014-10-27 21:28 - 2014-10-27 21:33 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\systweak
2014-10-27 21:28 - 2014-10-27 21:33 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-27 21:27 - 2014-10-27 21:27 - 00003332 _____ () C:\WINDOWS\System32\Tasks\ASP
2014-10-27 21:27 - 2014-07-17 18:49 - 00020328 _____ (System Speedup) C:\WINDOWS\system32\roboot64.exe
2014-10-27 21:26 - 2014-10-31 12:27 - 00000000 ____D () C:\Program Files\CouponArific
2014-10-27 21:26 - 2014-10-27 21:26 - 00000005 _____ () C:\end
2014-10-27 21:26 - 2014-10-27 21:26 - 00000000 ____D () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C
2014-10-27 13:36 - 2014-10-28 14:56 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-10-27 13:22 - 2014-10-27 13:22 - 00710107 _____ () C:\Users\waldemar\Desktop\Nieuwe_TM_hack2.exe
2014-10-27 00:54 - 2014-10-27 06:51 - 00001144 _____ () C:\Users\waldemar\Desktop\Continue Live Installation.lnk
2014-10-26 23:39 - 2014-10-31 12:26 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Genesis_10262239
2014-10-26 23:39 - 2014-10-31 09:54 - 00000444 _____ () C:\WINDOWS\Tasks\BlockAndSurf Update.job
2014-10-26 23:39 - 2014-10-31 09:51 - 00009554 _____ () C:\WINDOWS\patsearch.bin
2014-10-26 23:39 - 2014-10-27 00:18 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\337Games
2014-10-26 23:39 - 2014-10-26 23:39 - 00058040 _____ (Corsica) C:\WINDOWS\system32\Drivers\webinstrNew.sys
2014-10-26 23:39 - 2014-10-26 23:39 - 00003402 _____ () C:\WINDOWS\System32\Tasks\LuckyTab
2014-10-26 23:39 - 2014-10-26 23:39 - 00003090 _____ () C:\WINDOWS\System32\Tasks\BlockAndSurf Update
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\Program Files (x86)\ver2BlockAndSurf
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____D () C:\Program Files (x86)\LuckyTab
2014-10-26 23:32 - 2014-10-26 23:32 - 00000000 ____D () C:\Users\waldemar\Desktop\TrackMania---UltraTrainer-(cheat)-do-TMNF,TMUF,TM2C
2014-10-26 23:32 - 2012-10-01 19:16 - 00000058 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hesla !.txt
2014-10-26 23:32 - 2012-09-26 00:26 - 00002381 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReadMe (Important).nfo
2014-10-26 23:32 - 2012-09-26 00:16 - 00329216 _____ (Copy-Mark Productions) C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TM2C_Trainer.exe
2014-10-26 23:32 - 2012-09-26 00:16 - 00152576 _____ (Copy-Mark Productions) C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TMNF_Trainer.exe
2014-10-26 23:32 - 2012-09-26 00:16 - 00148992 _____ (Copy-Mark Productions) C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TMUF_Trainer.exe
2014-10-26 23:32 - 2012-09-25 01:38 - 00569344 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tlTrainer.dll
2014-10-26 23:32 - 2012-09-24 22:17 - 00006656 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pscan.dll
2014-10-26 23:32 - 2012-06-17 14:35 - 00000187 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\config.cfg
2014-10-26 23:32 - 2012-06-09 19:07 - 00048128 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lgLcdConnect.dll
2014-10-26 23:32 - 2011-09-09 18:44 - 04003840 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\libmysql.dll
2014-10-26 23:31 - 2014-10-26 23:31 - 01307001 _____ () C:\Users\waldemar\Desktop\TrackMania---UltraTrainer-(cheat)-do-TMNF,TMUF,TM2C.rar
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\Underwater City
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\The dropper PE
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\the dropper
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D ()
C:\Users\waldemar\Downloads\RollerCoaster 2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\Rolercoaster 2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\Escape the witch 2014-10-25 13:16 - 2014-07-19 14:54 - 00000000 ____D () C:\Users\waldemar\Downloads\AAR Coaster 2014-10-25 13:15 - 2014-09-01 16:23 - 00000000 ____D () C:\Users\waldemar\Downloads\(Newer version 4) Never Ending Coaster 2014-10-25 13:15 - 2014-09-01 16:10 - 00000000 ____D () C:\Users\waldemar\Downloads\roller coster 3.4 2014-10-25 13:15 - 2014-07-15 07:37 - 00000000 ____D () C:\Users\waldemar\Downloads\Syahir's Rollercoaster 2014-10-24 06:35 - 2014-10-28 14:53 - 00000000 ____D () C:\ProgramData\SaveNewaAppzo 2014-10-23 19:26 - 2014-10-23 19:37 - 00000000 ____D () C:\Users\waldemar\Downloads\Minecraft Pocket Edition 2014-10-23 19:23 - 2014-10-23 19:59 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\iFunbox_UserCache 2014-10-23 19:23 - 2014-10-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam 2014-10-23 19:23 - 2014-10-23 19:23 - 00000000 ____D () C:\Program Files (x86)\i-Funbox DevTeam 2014-10-23 18:58 - 2014-10-29 12:36 - 00000000 ____D () C:\Users\waldemar\AppData\Local\pangu 2014-10-23 18:57 - 2014-10-23 19:00 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Apple Computer 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Apple Computer 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files\iTunes 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files\iPod 2014-10-23 18:57 - 2014-10-23 18:57 - 
00000000 ____D () C:\Program Files (x86)\iTunes 2014-10-23 18:57 - 2012-10-03 15:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2014-10-23 18:56 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-10-23 18:56 - 2014-10-23 18:56 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-10-23 18:56 - 2014-10-23 18:56 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Apple 2014-10-23 18:56 - 2014-10-23 18:56 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-10-18 10:13 - 2014-10-18 10:13 - 00000000 ____D () C:\WINDOWS\Minidump 2014-10-17 23:54 - 2014-10-28 14:53 - 00000000 ____D () C:\ProgramData\OptOn 2014-10-17 23:54 - 2014-10-28 14:48 - 00000000 ____D () C:\Program Files (x86)\OptOn 2014-10-17 23:48 - 2014-10-17 23:48 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\EZDownloader 2014-10-17 23:39 - 2014-10-17 23:39 - 00000000 ____D () C:\Users\waldemar\Documents\Optimizer Pro 2014-10-17 23:24 - 2014-10-17 23:55 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\SkypEmoticons 2014-10-17 23:24 - 2014-10-17 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons 2014-10-17 23:24 - 2014-10-17 23:24 - 00000000 ____D () C:\ProgramData\Trusted Publisher 2014-10-17 23:23 - 2014-10-28 14:53 - 00000000 ____D () C:\ProgramData\GoSave 2014-10-17 23:23 - 2014-10-28 14:52 - 00000000 ____D () C:\Program Files (x86)\GoSave 2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Torch 2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Chromatic Browser 2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch 2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser 2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () 
C:\Users\Gast\AppData\Local\Torch 2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser 2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-10-17 23:23 - 2014-10-17 23:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-10-17 22:59 - 2014-10-17 23:01 - 00000000 ____D () C:\Users\waldemar\Desktop\Musik 2014-10-17 16:49 - 2014-10-17 16:49 - 00001319 _____ () C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk 2014-10-17 16:49 - 2014-10-17 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™ Most Wanted 2014-10-15 06:27 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-10-15 06:27 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2014-10-15 06:27 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2014-10-15 06:27 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-10-15 06:27 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-10-15 06:27 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-10-15 06:26 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-10-15 06:26 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-10-15 06:26 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-10-15 06:26 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-10-15 06:26 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-10-15 06:26 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 
2014-10-15 06:26 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-10-15 06:26 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-10-15 06:26 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-10-15 06:26 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-10-15 06:26 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-10-15 06:26 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-10-15 06:26 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-10-15 06:26 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-10-15 06:26 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-10-15 06:26 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-10-15 06:26 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-10-15 06:26 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-10-15 06:26 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-10-15 06:26 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-10-15 06:26 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-10-15 06:26 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-10-15 06:26 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-10-15 06:26 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-10-15 06:26 - 
2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-10-15 06:26 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-10-15 06:26 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-10-15 06:26 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-10-15 06:26 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-10-15 06:26 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-10-15 06:25 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-10-15 06:25 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-10-15 06:25 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-10-15 06:25 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-10-15 06:25 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-10-15 06:25 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-10-15 06:25 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-10-15 06:25 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-10-15 06:25 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-10-15 06:25 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-10-15 06:25 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-10-15 06:25 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-10-15 06:25 - 2014-09-08 00:56 - 00672256 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-10-15 06:25 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-10-15 06:25 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-10-15 06:25 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-10-15 06:25 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-10-15 06:25 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-10-15 06:25 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-10-15 06:25 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-10-15 06:25 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-10-15 06:25 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-10-15 06:25 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-10-15 06:25 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-10-15 06:25 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-10-15 06:25 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-10-15 06:25 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2014-10-15 06:25 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-10-15 06:25 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2014-10-15 06:25 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll 2014-10-15 06:25 - 2014-08-16 01:45 - 00267776 
_____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-10-15 06:25 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2014-10-15 06:25 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2014-10-15 06:25 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2014-10-15 06:25 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll 2014-10-15 06:25 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 06:25 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-10-15 06:25 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-10-15 06:25 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-10-15 06:25 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 06:25 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-10-15 06:25 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-10-15 06:25 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-10-15 06:25 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-10-15 06:25 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-10-15 06:25 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-10-15 06:25 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-10-15 06:25 - 2014-08-16 01:10 - 01120768 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-10-15 06:25 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-10-15 06:25 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-10-15 06:25 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-10-15 06:24 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-10-15 06:24 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-10-15 06:24 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2014-10-15 06:24 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-10-15 06:24 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-10-11 10:38 - 2013-08-22 07:59 - 00206336 _____ () C:\Users\waldemar\Desktop\battlefield 3 NoRecoil+Nospread+Minimap+ESP.EXE 2014-10-11 08:53 - 2014-10-11 08:53 - 00002191 _____ () C:\Users\waldemar\Desktop\Minecraft.lnk 2014-10-11 08:53 - 2014-10-11 08:53 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-10-10 14:50 - 2014-10-28 14:48 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-10-10 14:50 - 2014-10-11 08:38 - 00000000 ____D () C:\Users\waldemar\Desktop\Videoaufnahmen OBS 2014-10-08 19:38 - 2014-10-30 20:42 - 00003848 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1412793520 2014-10-08 19:38 - 2014-10-30 20:42 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-10-08 19:38 - 2014-10-30 20:42 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-10-08 19:38 - 2014-10-08 19:38 - 00001149 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-10-08 19:38 - 2014-10-08 19:38 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Opera Software 2014-10-08 19:38 - 2014-10-08 
19:38 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Opera Software 2014-10-08 10:17 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-10-02 21:06 - 2012-10-20 14:28 - 00187392 _____ (master131) C:\Users\waldemar\Desktop\Extreme Injector v2 by master131.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-31 12:23 - 2014-08-10 22:38 - 00000000 ____D () C:\Users\waldemar\Documents\TmForever 2014-10-31 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-10-31 11:32 - 2014-07-10 15:27 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-31 11:16 - 2014-09-10 16:42 - 01349410 _____ () C:\WINDOWS\WindowsUpdate.log 2014-10-31 10:43 - 2014-09-12 18:51 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A350FA8C-F1AE-4D16-B3BE-40AF58306519} 2014-10-31 09:58 - 2012-07-26 06:26 - 00000194 _____ () C:\WINDOWS\win.ini 2014-10-31 09:51 - 2014-09-10 17:10 - 00000000 __RDO () C:\Users\waldemar\OneDrive 2014-10-31 09:51 - 2014-07-10 15:27 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-30 22:28 - 2014-07-10 15:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-930745963-3632866088-1184878944-1001 2014-10-30 21:42 - 2014-09-30 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-30 19:24 - 2014-03-18 11:03 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-10-30 19:24 - 2014-03-18 10:25 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat 2014-10-30 19:24 - 2014-03-18 10:25 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat 2014-10-30 12:25 - 2014-09-12 10:47 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-10-30 09:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-10-28 14:53 - 2014-03-18 02:50 - 
03003296 _____ () C:\WINDOWS\PFRO.log 2014-10-28 14:53 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-10-28 14:52 - 2014-09-27 22:19 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-10-28 14:52 - 2014-09-27 22:19 - 00000000 ____D () C:\ProgramData\10c5eb2f42657587 2014-10-28 14:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-10-28 14:48 - 2014-06-19 20:26 - 00000000 ____D () C:\Program Files\OBs 2014-10-28 14:46 - 2014-09-30 15:55 - 00001173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-28 14:46 - 2014-09-30 15:55 - 00001161 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-28 14:46 - 2014-09-10 17:07 - 00001452 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-28 10:47 - 2014-07-12 12:27 - 00000000 ____D () C:\Users\waldemar\AppData\Local\CrashDumps 2014-10-27 00:18 - 2014-09-10 16:50 - 00000000 ____D () C:\Users\waldemar 2014-10-26 23:39 - 2013-08-22 15:46 - 00374463 _____ () C:\WINDOWS\setupact.log 2014-10-23 19:47 - 2014-08-27 08:59 - 00000000 ____D () C:\Users\waldemar\Desktop\Dinge für Spiele 2014-10-23 18:56 - 2013-01-22 10:17 - 00000000 ____D () C:\ProgramData\Apple 2014-10-22 16:42 - 2014-09-29 16:45 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-10-22 16:42 - 2014-08-20 17:32 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2014-10-22 16:41 - 2014-09-29 16:45 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2014-10-22 16:38 - 2014-07-15 15:08 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-18 10:13 - 2013-03-23 15:28 - 00143889 ____N () C:\WINDOWS\Minidump\101814-14640-01.dmp 2014-10-17 23:49 - 2014-08-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Cracked Steam 2014-10-17 23:23 - 2014-09-27 22:19 - 00000000 ____D () C:\ProgramData\YoutubeAdBloCke 2014-10-17 23:23 - 2014-09-27 22:19 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBloCke 2014-10-17 
16:29 - 2014-07-15 15:08 - 00000000 ____D () C:\ProgramData\Origin 2014-10-17 16:24 - 2014-09-22 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-10-17 16:24 - 2014-09-22 20:03 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-10-17 16:24 - 2014-08-11 16:29 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\DVDVideoSoft 2014-10-16 19:22 - 2014-07-11 20:05 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-10-16 19:19 - 2014-07-11 20:05 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-10-15 20:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-10-15 10:38 - 2013-08-22 15:44 - 00351464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-10-15 06:34 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-10-11 08:53 - 2014-08-17 07:02 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\.minecraft 2014-10-11 07:24 - 2014-08-03 16:52 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\NVIDIA 2014-10-10 19:54 - 2014-07-12 14:37 - 00000000 ____D () C:\Program Files\Spiele Some content of TEMP: ==================== C:\Users\waldemar\AppData\Local\Temp\2YyPUaAQRF.exe C:\Users\waldemar\AppData\Local\Temp\5tmhUfytxl.exe C:\Users\waldemar\AppData\Local\Temp\6571C0D822CF.exe C:\Users\waldemar\AppData\Local\Temp\6nuzW2Jks9.exe C:\Users\waldemar\AppData\Local\Temp\86A88D1DE.exe C:\Users\waldemar\AppData\Local\Temp\CloudBackup415.exe C:\Users\waldemar\AppData\Local\Temp\dlLogic.exe C:\Users\waldemar\AppData\Local\Temp\dltr.exe C:\Users\waldemar\AppData\Local\Temp\drvprosetup.exe 
C:\Users\waldemar\AppData\Local\Temp\GCVerifier.dll C:\Users\waldemar\AppData\Local\Temp\GoForFiles4AWMFp2sGp.exe C:\Users\waldemar\AppData\Local\Temp\GoForFilesdWHCmlWNFQ.exe C:\Users\waldemar\AppData\Local\Temp\jwfHL7MAIN.exe C:\Users\waldemar\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\waldemar\AppData\Local\Temp\lSik9.dll C:\Users\waldemar\AppData\Local\Temp\lSik9.exe C:\Users\waldemar\AppData\Local\Temp\networkme1.exe C:\Users\waldemar\AppData\Local\Temp\optprosetup.exe C:\Users\waldemar\AppData\Local\Temp\playsetup.exe C:\Users\waldemar\AppData\Local\Temp\PP3scwPNIH.exe C:\Users\waldemar\AppData\Local\Temp\prVA1.exe C:\Users\waldemar\AppData\Local\Temp\res.dll C:\Users\waldemar\AppData\Local\Temp\sSetup-se.exe C:\Users\waldemar\AppData\Local\Temp\suRyop9H8x.exe C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite12171.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite12351.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite13697.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite28626.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite30572.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite36584.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite41022.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite42458.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite42666.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite48340.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite51368.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite58730.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite89466.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite89856.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite90835.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite97217.dll C:\Users\waldemar\AppData\Local\Temp\Ut6ZMFaWA3.exe C:\Users\waldemar\AppData\Local\Temp\vcredist_x64.exe 
C:\Users\waldemar\AppData\Local\Temp\verifier.exe C:\Users\waldemar\AppData\Local\Temp\VuuPC.exe C:\Users\waldemar\AppData\Local\Temp\ZboHNdPjyc.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-28 17:15 ==================== End Of Log ============================ |
01.11.2014, 11:27 | #4 |
/// the machine /// TB Trainer | Have a problem with every browser Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.11.2014, 18:39 | #5 |
| Have a problem with every browser JRT.txt JRT Logfile: Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8.1 x64
Ran by waldemar on 01.11.2014 at 18:32:18,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update netcrawl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util netcrawl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611321185}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\Users\waldemar\music\qtrax media library"

~~~ FireFox
Successfully deleted the following from C:\Users\waldemar\AppData\Roaming\mozilla\firefox\profiles\32m2wwn4.default-1414455783469\prefs.js
user_pref("browser.search.defaultenginename", "Trovi search");
user_pref("browser.search.selectedEngine", "Trovi search");
Emptied folder: C:\Users\waldemar\AppData\Roaming\mozilla\firefox\profiles\32m2wwn4.default-1414455783469\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.11.2014 at 18:33:44,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam.txt Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software (end)

ADWCleaner.txt AdwCleaner Logfile: Code:
# AdwCleaner v4.002 - Bericht erstellt am 01/11/2014 um 18:29:02
# DB v2014-10-26.6
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : waldemar - MILLER
# Gestartet von : C:\Users\waldemar\Downloads\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****
Dienst Gelöscht : netfilter64

***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\waldemar\AppData\Roaming\337Games
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\waldemar\AppData\Roaming\EZDownloader
Ordner Gelöscht : C:\Users\waldemar\Documents\Optimizer Pro
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\waldemar\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\torch
Ordner Gelöscht : C:\Users\waldemar\AppData\Local\torch
Ordner Gelöscht : C:\ProgramData\Trusted Publisher
Ordner Gelöscht : C:\Users\waldemar\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Program Files (x86)\LuckyTab
Ordner Gelöscht : C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
Ordner Gelöscht : C:\ProgramData\SaveNewaAppzo
Ordner Gelöscht : C:\Program Files (x86)\SaveNewaAppzo
Ordner Gelöscht : C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\G@VuX1P.org
Ordner Gelöscht : C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\OSZ@tDkT.com
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebgfleabhhccegljopkcbjhedngbgei
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdihbgjndcogbihkonabmomiiccmeij
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
[!] Ordner Gelöscht : C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnpnehopncgafgcekcjhojfcammkdkl
Datei Gelöscht : C:\Users\waldemar\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\WINDOWS\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\waldemar\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\waldemar\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe

***** [ Tasks ] *****
Task Gelöscht : ASP
Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Superfish
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Superfish
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-792098896
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32a3c7e9-e971-4903-961b-e46b9cc34999}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4875c2dc-f67f-418d-9412-b008968785a1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32a3c7e9-e971-4903-961b-e46b9cc34999}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4875c2dc-f67f-418d-9412-b008968785a1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32a3c7e9-e971-4903-961b-e46b9cc34999}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4875c2dc-f67f-418d-9412-b008968785a1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32a3c7e9-e971-4903-961b-e46b9cc34999}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4875c2dc-f67f-418d-9412-b008968785a1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32a3c7e9-e971-4903-961b-e46b9cc34999}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4875c2dc-f67f-418d-9412-b008968785a1}
Schlüssel Gelöscht : HKCU\Software\Driver Pro
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v33.0.2 (x86 de)
-\\ Google Chrome v

*************************
AdwCleaner[R0].txt - [11796 octets] - [01/11/2014 18:27:09]
AdwCleaner[S0].txt - [11485 octets] - [01/11/2014 18:29:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11546 octets] ##########

Fresh FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by waldemar (administrator) on MILLER on 01-11-2014 18:35:35
Running from C:\Users\waldemar\Downloads
Loaded Profile: waldemar (Available profiles: waldemar & UpdatusUser & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87\maintainer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-25] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-25] (IDT, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\MountPoints2: {f487ac12-93c5-11e2-be6e-806e6f6e6963} - "E:\Autorun.exe"
HKU\S-1-5-21-930745963-3632866088-1184878944-1001\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\3.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\5.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\6.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\7.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\8.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\9.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\zombiddos.vbs ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D09195F2-1B7B-4DBF-A744-45187504E0A8} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: No Name -> {11111111-1111-1111-1111-110611321185} -> No File
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62

FireFox:
========
FF ProfilePath: C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469
FF NewTab:
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adanak - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{21769883-19ae-4dd9-b522-3613333c3df7}.xpi [2014-10-28]
FF Extension: Adblock Plus - C:\Users\waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\32m2wwn4.default-1414455783469\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-30]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR RestoreOnStartup: Default -> "hxxp://start.iminent.com/?appId=9BEC116D-D7AE-4914-8F57-C0D412DF5744"
CHR Profile: C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HD for YouTube™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-09-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-09-29]
CHR Extension: (Skill Games) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\caibojmomcndolfkdcehpbbflooebmeg [2014-09-29]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-09-29]
CHR Extension: (Tumblr Collage) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfgcipfpihnkblbbemdagfdhjjeilli [2014-10-27]
CHR Extension: (Farbwechsel für Google ™) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2014-09-29]
CHR Extension: (Red Ball) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjalmjfkbijjjomllohadmkfkhgonop [2014-09-29]
CHR Extension: (HQVP-3.5V21.09) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia [2014-09-28]
CHR Extension: (OptOn) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iocpknlaljmgfaafmhngmakmnilckkdc [2014-10-17]
CHR Extension: (Adblock Super) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-09-29]
CHR Extension: (SndLatr Beta for Gmail) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfddgbpdnaeliohhkbdbcmenpnkepkgn [2014-10-24]
CHR Extension: (Google Wallet) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Facebook Themes (Facebook Style Gallery) App) - C:\Users\waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfegjlnijpeedheifelomiocbagekj [2014-09-29]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-09-10] (Microsoft Corporation)
R2 MaintainerSvc3.19.691608; C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87\maintainer.exe [123672 2014-11-01] ()
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-09-10] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-09-29] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-25] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-10] (Microsoft Corporation)
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-10-14] (Microsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-01 18:35 - 2014-11-01 18:35 - 00000000 ____D () C:\Users\waldemar\Downloads\FRST-OlderVersion
2014-11-01 18:33 - 2014-11-01 18:33 - 00001538 _____ () C:\Users\waldemar\Desktop\JRT.txt
2014-11-01 18:32 - 2014-11-01 18:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-01 18:31 - 2014-11-01 18:32 - 01706359 _____ (Thisisu) C:\Users\waldemar\Downloads\JRT.exe
2014-11-01 18:26 - 2014-11-01 18:29 - 00000000 ____D () C:\AdwCleaner
2014-11-01 18:26 - 2014-11-01 18:26 - 01998336 _____ () C:\Users\waldemar\Downloads\AdwCleaner_4.002.exe
2014-11-01 18:25 - 2014-11-01 18:25 - 00000058 _____ () C:\Users\waldemar\Desktop\mbam.txt
2014-11-01 18:03 - 2014-11-01 18:30 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-01 18:02 - 2014-11-01 18:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\waldemar\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-01 18:02 - 2014-11-01 18:02 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-01 18:02 - 2014-11-01 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-01 18:02 - 2014-11-01 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-01 18:02 - 2014-11-01 18:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-01 18:02 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-01 18:02 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-01 18:02 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-01 17:51 - 2014-11-01 17:51 - 02785665 _____ (PortableApps.com) C:\Users\waldemar\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf(1).exe
2014-11-01 17:49 - 2014-11-01 17:59 - 00000000 ____D () C:\Users\waldemar\Downloads\RevoUninstallerPortable
2014-11-01 17:49 - 2014-11-01 17:49 - 02785665 _____ (PortableApps.com) C:\Users\waldemar\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2014-10-31 12:27 - 2014-10-31 12:29 - 00036755 _____ () C:\Users\waldemar\Downloads\Addition.txt
2014-10-31 12:26 - 2014-11-01 18:35 - 02114048 _____ (Farbar) C:\Users\waldemar\Downloads\FRST64.exe
2014-10-31 12:26 - 2014-11-01 18:35 - 00017509 _____ () C:\Users\waldemar\Downloads\FRST.txt
2014-10-31 12:26 - 2014-11-01 18:35 - 00000000 ____D () C:\FRST
2014-10-30 20:42 - 2014-10-30 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-30 20:13 - 2014-10-30 20:16 - 00000000 ____D () C:\Users\waldemar\AppData\Local\paint.net
2014-10-30 20:13 - 2014-10-30 20:13 - 00001314 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-10-30 20:13 - 2014-10-30 20:13 - 00001302 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-10-30 20:13 - 2014-10-30 20:13 - 00000000 ____D () C:\Program Files\paint.net
2014-10-30 20:11 - 2014-10-30 20:11 - 01125200 _____ () C:\Users\waldemar\Downloads\Paint NET - CHIP-Installer.exe
2014-10-30 19:28 - 2014-10-30 19:28 - 01125200 _____ () C:\Users\waldemar\Downloads\TrackMania Nations Forever - CHIP-Installer.exe
2014-10-28 23:06 - 2014-10-28 23:06 - 00000600 _____ () C:\Users\waldemar\AppData\Roaming\winscp.rnd
2014-10-28 22:51 - 2014-10-28 22:51 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2014-10-28 22:51 - 2014-10-28 22:51 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2014-10-28 22:45 - 2014-10-28 22:51 - 00000000 ____D () C:\Users\waldemar\Desktop\IOS 8 JB
2014-10-28 15:27 - 2014-11-01 08:12 - 00000000 ____D () C:\ProgramData\f8d67e26-5954-4e5e-906c-2b89b2e43e87
2014-10-28 14:52 - 2014-10-28 14:52 - 03940352 _____ () C:\WINDOWS\SysWOW64\setup.exe
2014-10-28 14:46 - 2014-10-28 14:46 - 00003158 _____ () C:\WINDOWS\System32\Tasks\{9E631260-DC19-4D51-A6E1-4D7D8D3B67F1}
2014-10-27 21:31 - 2014-10-27 21:31 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-27 21:31 - 2014-10-27 21:31 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-27 21:31 - 2014-10-27 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-26 23:39 - 2014-11-01 07:56 - 00009554 _____ () C:\WINDOWS\patsearch.bin
2014-10-26 23:39 - 2014-10-26 23:39 - 00003402 _____ () C:\WINDOWS\System32\Tasks\LuckyTab
2014-10-26 23:39 - 2014-10-26 23:39 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-26 23:32 - 2014-10-26 23:32 - 00000000 ____D () C:\Users\waldemar\Desktop\TrackMania---UltraTrainer-(cheat)-do-TMNF,TMUF,TM2C
2014-10-26 23:32 - 2012-10-01 19:16 - 00000058 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hesla !.txt
2014-10-26 23:32 - 2012-09-26 00:26 - 00002381 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReadMe (Important).nfo
2014-10-26 23:32 - 2012-09-26 00:16 - 00329216 _____ (Copy-Mark Productions) C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TM2C_Trainer.exe
2014-10-26 23:32 - 2012-09-26 00:16 - 00152576 _____ (Copy-Mark Productions) C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TMNF_Trainer.exe
2014-10-26 23:32 - 2012-09-26 00:16 - 00148992 _____ (Copy-Mark Productions) C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TMUF_Trainer.exe
2014-10-26 23:32 - 2012-09-25 01:38 - 00569344 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tlTrainer.dll
2014-10-26 23:32 - 2012-09-24 22:17 - 00006656 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pscan.dll
2014-10-26 23:32 - 2012-06-17 14:35 - 00000187 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\config.cfg
2014-10-26 23:32 - 2012-06-09 19:07 - 00048128 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lgLcdConnect.dll
2014-10-26 23:32 - 2011-09-09 18:44 - 04003840 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\libmysql.dll
2014-10-26 23:31 - 2014-10-26 23:31 - 01307001 _____ () C:\Users\waldemar\Desktop\TrackMania---UltraTrainer-(cheat)-do-TMNF,TMUF,TM2C.rar
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\Underwater City
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\The dropper PE
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\the dropper
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\RollerCoaster
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\Rolercoaster
2014-10-25 13:16 - 2014-10-25 13:16 - 00000000 ____D () C:\Users\waldemar\Downloads\Escape the witch
2014-10-25 13:16 - 2014-07-19 14:54 - 00000000 ____D () C:\Users\waldemar\Downloads\AAR Coaster
2014-10-25 13:15 - 2014-09-01 16:23 - 00000000 ____D () C:\Users\waldemar\Downloads\(Newer version 4) Never Ending Coaster
2014-10-25 13:15 - 2014-09-01 16:10 - 00000000 ____D () C:\Users\waldemar\Downloads\roller coster 3.4
2014-10-25 13:15 - 2014-07-15 07:37 - 00000000 ____D () C:\Users\waldemar\Downloads\Syahir's Rollercoaster
2014-10-23 19:26 - 2014-10-23 19:37 - 00000000 ____D () C:\Users\waldemar\Downloads\Minecraft Pocket Edition
2014-10-23 19:23 - 2014-10-23 19:59 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\iFunbox_UserCache
2014-10-23 19:23 - 2014-10-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2014-10-23 19:23 - 2014-10-23 19:23 - 00000000 ____D () C:\Program Files (x86)\i-Funbox DevTeam
2014-10-23 18:58 - 2014-10-29 12:36 - 00000000 ____D () C:\Users\waldemar\AppData\Local\pangu 2014-10-23 18:57 - 2014-10-23 19:00 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Apple Computer 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Apple Computer 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files\iTunes 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files\iPod 2014-10-23 18:57 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-10-23 18:57 - 2012-10-03 15:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2014-10-23 18:56 - 2014-10-23 18:57 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-10-23 18:56 - 2014-10-23 18:56 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-10-23 18:56 - 2014-10-23 18:56 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Apple 2014-10-23 18:56 - 2014-10-23 18:56 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-10-18 10:13 - 2014-10-18 10:13 - 00000000 ____D () C:\WINDOWS\Minidump 2014-10-17 22:59 - 2014-10-17 23:01 - 00000000 ____D () C:\Users\waldemar\Desktop\Musik 2014-10-17 16:49 - 2014-10-17 16:49 - 00001319 _____ () C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk 2014-10-17 16:49 - 2014-10-17 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™ Most Wanted 2014-10-15 06:27 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-10-15 06:27 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\packager.dll 2014-10-15 06:27 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2014-10-15 06:27 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-10-15 06:27 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-10-15 06:27 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-10-15 06:26 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-10-15 06:26 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-10-15 06:26 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-10-15 06:26 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-10-15 06:26 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-10-15 06:26 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-10-15 06:26 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-10-15 06:26 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-10-15 06:26 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-10-15 06:26 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-10-15 06:26 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-10-15 06:26 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-10-15 06:26 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-10-15 06:26 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript9diag.dll 2014-10-15 06:26 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-10-15 06:26 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-10-15 06:26 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-10-15 06:26 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-10-15 06:26 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-10-15 06:26 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-10-15 06:26 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-10-15 06:26 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-10-15 06:26 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-10-15 06:26 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-10-15 06:26 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-10-15 06:26 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-10-15 06:26 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-10-15 06:26 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-10-15 06:26 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-10-15 06:26 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-10-15 06:25 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-10-15 06:25 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wups.dll 2014-10-15 06:25 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-10-15 06:25 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-10-15 06:25 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-10-15 06:25 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-10-15 06:25 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-10-15 06:25 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-10-15 06:25 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-10-15 06:25 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-10-15 06:25 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-10-15 06:25 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-10-15 06:25 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-10-15 06:25 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-10-15 06:25 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-10-15 06:25 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-10-15 06:25 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-10-15 06:25 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-10-15 06:25 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-10-15 06:25 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 
2014-10-15 06:25 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-10-15 06:25 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-10-15 06:25 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-10-15 06:25 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-10-15 06:25 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-10-15 06:25 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-10-15 06:25 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2014-10-15 06:25 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-10-15 06:25 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2014-10-15 06:25 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll 2014-10-15 06:25 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-10-15 06:25 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2014-10-15 06:25 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2014-10-15 06:25 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2014-10-15 06:25 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll 2014-10-15 06:25 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 06:25 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-10-15 06:25 - 2014-08-16 01:22 - 00717824 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-10-15 06:25 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-10-15 06:25 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 06:25 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-10-15 06:25 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-10-15 06:25 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-10-15 06:25 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-10-15 06:25 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-10-15 06:25 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-10-15 06:25 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-10-15 06:25 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-10-15 06:25 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-10-15 06:25 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-10-15 06:25 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-10-15 06:24 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-10-15 06:24 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-10-15 06:24 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2014-10-15 06:24 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-10-15 06:24 - 
2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-10-11 10:38 - 2013-08-22 07:59 - 00206336 _____ () C:\Users\waldemar\Desktop\battlefield 3 NoRecoil+Nospread+Minimap+ESP.EXE 2014-10-11 08:53 - 2014-10-11 08:53 - 00002191 _____ () C:\Users\waldemar\Desktop\Minecraft.lnk 2014-10-11 08:53 - 2014-10-11 08:53 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-10-10 14:50 - 2014-10-28 14:48 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-10-10 14:50 - 2014-10-11 08:38 - 00000000 ____D () C:\Users\waldemar\Desktop\Videoaufnahmen OBS 2014-10-08 19:38 - 2014-10-30 20:42 - 00003848 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1412793520 2014-10-08 19:38 - 2014-10-30 20:42 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-10-08 19:38 - 2014-10-30 20:42 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-10-08 19:38 - 2014-10-08 19:38 - 00001149 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-10-08 19:38 - 2014-10-08 19:38 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\Opera Software 2014-10-08 19:38 - 2014-10-08 19:38 - 00000000 ____D () C:\Users\waldemar\AppData\Local\Opera Software 2014-10-08 10:17 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-01 18:32 - 2014-07-12 12:27 - 00000000 ____D () C:\Users\waldemar\AppData\Local\CrashDumps 2014-11-01 18:32 - 2014-07-10 15:27 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-01 18:30 - 2014-09-10 17:10 - 00000000 ___DO () C:\Users\waldemar\OneDrive 2014-11-01 18:30 - 2014-09-10 16:42 - 01424811 _____ () C:\WINDOWS\WindowsUpdate.log 2014-11-01 18:30 - 2014-07-10 15:27 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-01 18:30 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-11-01 18:29 - 2014-03-18 02:50 - 03093890 _____ () C:\WINDOWS\PFRO.log 2014-11-01 18:27 - 2014-03-18 11:03 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-11-01 18:27 - 2014-03-18 10:25 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat 2014-11-01 18:27 - 2014-03-18 10:25 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat 2014-11-01 18:26 - 2014-07-10 15:20 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-930745963-3632866088-1184878944-1001 2014-11-01 18:20 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-11-01 18:19 - 2012-07-26 06:26 - 00000194 _____ () C:\WINDOWS\win.ini 2014-11-01 17:59 - 2014-09-30 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-01 17:59 - 2014-09-27 22:19 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-11-01 17:59 - 2014-09-27 22:19 - 00000000 ____D () C:\ProgramData\10c5eb2f42657587 2014-11-01 17:39 - 2014-09-12 18:51 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A350FA8C-F1AE-4D16-B3BE-40AF58306519} 2014-11-01 17:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-11-01 07:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-10-31 12:23 - 2014-08-10 22:38 - 00000000 ____D () C:\Users\waldemar\Documents\TmForever 2014-10-30 12:25 - 2014-09-12 10:47 - 00275080 ____N (Microsoft Corporation) 
C:\WINDOWS\system32\MpSigStub.exe 2014-10-28 14:48 - 2014-06-19 20:26 - 00000000 ____D () C:\Program Files\OBs 2014-10-28 14:46 - 2014-09-30 15:55 - 00001173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-28 14:46 - 2014-09-30 15:55 - 00001161 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-28 14:46 - 2014-09-10 17:07 - 00001452 _____ () C:\Users\waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-27 00:18 - 2014-09-10 16:50 - 00000000 ____D () C:\Users\waldemar 2014-10-26 23:39 - 2013-08-22 15:46 - 00374463 _____ () C:\WINDOWS\setupact.log 2014-10-23 19:47 - 2014-08-27 08:59 - 00000000 ____D () C:\Users\waldemar\Desktop\Dinge für Spiele 2014-10-23 18:56 - 2013-01-22 10:17 - 00000000 ____D () C:\ProgramData\Apple 2014-10-22 16:42 - 2014-09-29 16:45 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-10-22 16:42 - 2014-08-20 17:32 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2014-10-22 16:41 - 2014-09-29 16:45 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2014-10-22 16:38 - 2014-07-15 15:08 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-18 10:13 - 2013-03-23 15:28 - 00143889 ____N () C:\WINDOWS\Minidump\101814-14640-01.dmp 2014-10-17 23:49 - 2014-08-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Cracked Steam 2014-10-17 16:29 - 2014-07-15 15:08 - 00000000 ____D () C:\ProgramData\Origin 2014-10-17 16:24 - 2014-09-22 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-10-17 16:24 - 2014-09-22 20:03 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-10-17 16:24 - 2014-08-11 16:29 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\DVDVideoSoft 2014-10-16 19:22 - 2014-07-11 20:05 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-10-16 19:19 - 2014-07-11 20:05 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-10-15 20:01 - 2013-08-22 16:36 - 00000000 ____D () 
C:\WINDOWS\rescache 2014-10-15 10:38 - 2013-08-22 15:44 - 00351464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-10-15 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-10-15 06:34 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-10-11 08:53 - 2014-08-17 07:02 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\.minecraft 2014-10-11 07:24 - 2014-08-03 16:52 - 00000000 ____D () C:\Users\waldemar\AppData\Roaming\NVIDIA 2014-10-10 19:54 - 2014-07-12 14:37 - 00000000 ____D () C:\Program Files\Spiele Some content of TEMP: ==================== C:\Users\waldemar\AppData\Local\Temp\CloudBackup415.exe C:\Users\waldemar\AppData\Local\Temp\drvprosetup.exe C:\Users\waldemar\AppData\Local\Temp\lSik9.dll C:\Users\waldemar\AppData\Local\Temp\lSik9.exe C:\Users\waldemar\AppData\Local\Temp\networkme1.exe C:\Users\waldemar\AppData\Local\Temp\optprosetup.exe C:\Users\waldemar\AppData\Local\Temp\prVA1.exe C:\Users\waldemar\AppData\Local\Temp\Quarantine.exe C:\Users\waldemar\AppData\Local\Temp\sqlite3.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite12171.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite12351.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite13697.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite28626.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite30572.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite36584.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite41022.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite42458.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite42666.dll 
C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite48340.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite51368.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite58730.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite89466.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite89856.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite90835.dll C:\Users\waldemar\AppData\Local\Temp\System.Data.SQLite97217.dll C:\Users\waldemar\AppData\Local\Temp\vcredist_x64.exe C:\Users\waldemar\AppData\Local\Temp\VuuPC.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-28 17:15 ==================== End Of Log ============================ |
02.11.2014, 13:27 | #6 |
/// the machine /// TB trainer | Problem with every browser
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining? |