Plagegeister aller Art und deren Bekämpfung: Steam inventory hijacked by running an .exe (Windows 7)
12.11.2014, 17:58 | #1 |
| Good day, I have a huge problem right now. Yesterday, at the request of an actually good Steam friend, I downloaded a game from the following site, hxxp://www.supercatman.org, and then ran it in order to install it. The problem is that the game was made to steal the Steam inventory (the inventory on the Steam gaming platform). After I ran it and noticed that nothing happened, I immediately became sceptical and saw that my entire Steam inventory was empty (about 600€ was traded from my account to another account). This trade must have happened through my PC, since Steam Guard (a protection feature of Steam) prevents anyone from logging in to my Steam account from another PC. But I did not see a trade window (it must have happened invisibly in the background). Now I wanted to know whether I can find out if the program is possibly still running in the background, or whether there are still remnants of it on my PC that could lead to further damage. Through a WhoIs lookup of his homepage I found out the person behind it (at least I think so), see here "https://dl.dropboxusercontent.com/u/95868356/beweise.jpg". What are my chances with a police report, given that he lives in New Zealand? I have already performed a system restore, run Malwarebytes several times and run Avira. And changed all passwords. Steam = hxxp://steamcommunity.com/ Regards, Christian Wigger. Last edited by schrauber (15.11.2014 at 19:58) |
12.11.2014, 18:27 | #2 |
/// the machine /// TB trainer | Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
12.11.2014, 18:42 | #3 |
| Okay,
I just found out that this is in the field under Run: E:\Users\CHRIST~1\AppData\Local\Temp\supercatman_launcher_1.9.43-1
The files are attached. |
13.11.2014, 10:32 | #4 |
/// the machine /// TB trainer | Hi, please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
13.11.2014, 17:08 | #5 |
| Sorry, here it is again in text form, and many thanks in advance. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014 Ran by Christian (administrator) on CHRISTIAN-PC on 12-11-2014 18:36:42 Running from E:\Users\Christian\Downloads Loaded Profile: Christian (Available profiles: Christian) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () E:\Users\Christian\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe () E:\Program Files\EslWire\service\WireHelperSvc.exe () C:\ProgramData\DataCardService\HWDeviceService64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\Six Engine\SixEngine.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe (Beepa P/L) E:\Fraps\fraps.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DataCardService\DCSHelper.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Mr. John aka japamd) E:\Program Files (x86)\RadeonPro\RadeonProSupport.exe () E:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (LogMeIn Inc.) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (LogMeIn, Inc.) E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (LogMeIn Inc.) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Xfire Inc.) E:\Program Files (x86)\Xfire\Xfire.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Beepa P/L) E:\Fraps\fraps64.dat (Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Xfire Inc.) E:\Program Files (x86)\Xfire\Xfire.exe () E:\Program Files (x86)\Xfire\xfire64.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (Nullsoft, Inc.) E:\Program Files (x86)\Winamp\winamp.exe (Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Ocs_SM] => E:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2014-01-31] (OCS) HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [7322624 2009-09-10] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA) HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-09-25] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-10-09] (APN) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-11] (Valve Corporation) HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\MountPoints2: {0483bb9f-2f51-11e1-be0f-806e6f6e6963} - D:\Setup.exe HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\MountPoints2: {06d4cc84-4008-11e3-be18-485b39002888} - I:\AutoRun.exe HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\MountPoints2: {06d4ccba-4008-11e3-be18-485b39002888} - I:\AutoRun.exe HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\MountPoints2: {3264222f-40b5-11e3-9fdd-485b39002888} - I:\AutoRun.exe HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\MountPoints2: {572ba549-2f18-11e1-b84c-806e6f6e6963} - D:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\MountPoints2: {6804db73-216a-11e4-aea4-806e6f6e6963} - D:\Autorun.exe HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\MountPoints2: {79e36634-5b2c-11e1-ba26-00ff01000001} - H:\LaunchU3.exe -a HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\MountPoints2: {915be8eb-4548-11e3-a51f-485b39002888} - I:\AutoRun.exe HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\MountPoints2: {c17e095e-b3e7-11e2-be10-806e6f6e6963} - D:\Autorun.exe Startup: E:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk ShortcutTarget: Xfire.lnk -> E:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) 
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) BootExecute: ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4C7854596482CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1157228855-93186708-2366711758-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM-x32 - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKLM-x32 - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKCU - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494531315352&st={searchTerms}&clid=e747a47a-c208-473f-81c8-a88e5559f85b&pid=chipde&k=0 SearchScopes: HKCU - {0FDEE90C-9B7B-4D98-B8CB-EA25D11E60E6} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e747a47a-c208-473f-81c8-a88e5559f85b&pid=chipde&mode=bounce&k=0 SearchScopes: HKCU - {11CBD6F2-E5DA-49E8-924B-925691628925} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e747a47a-c208-473f-81c8-a88e5559f85b&pid=chipde&mode=bounce&k=0 SearchScopes: HKCU - {420E914B-8D33-40F3-B5AC-A4A2F778BF49} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e747a47a-c208-473f-81c8-a88e5559f85b&pid=chipde&mode=bounce&k=0 SearchScopes: HKCU - 
{479A07FD-100D-4875-A9C8-D48E0FF08629} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e747a47a-c208-473f-81c8-a88e5559f85b&pid=chipde&mode=bounce&k=0 SearchScopes: HKCU - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKCU - {862BF3DE-2F89-4958-ABA8-8EAD8B6694E8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e747a47a-c208-473f-81c8-a88e5559f85b&pid=chipde&mode=bounce&k=0 SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://eu.ask.com.anonymize-me.de/?anonymto=687474703A2F2F65752E61736B2E636F6D2F7765623F6C3D646973266F3D3136353532266763743D736226717372633D323836392661706E5F647469643D5E5959595959595E59595E44452661706E5F70746E72733D5E4139542661706E5F7569643D313132383738323333363430343335382670323D5E4139545E5959595959595E59595E444526713D7B7365617263685465726D737D&st={searchTerms}&clid=e747a47a-c208-473f-81c8-a88e5559f85b&pid=chipde&k=0 SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6Oz8QGJChJ&loc=skw&search={searchTerms}&i=26 SearchScopes: HKCU - {DA3BDA12-9E9E-4050-A12B-6A0527FED822} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e747a47a-c208-473f-81c8-a88e5559f85b&pid=chipde&mode=bounce&k=0 BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) 
BHO-x32: QuickStores-Toolbar -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) 
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 178.24.16.46 al-admin.dev FireFox: ======== FF ProfilePath: E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default FF SearchEngineOrder.1: Ask.com FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://www.google.ch/search?q= FF NetworkProxy: "autoconfig_url", "data:application/x-ns-proxy-autoconfig;base64,ZnVuY3Rpb24gRmluZFByb3h5Rm9yVVJMKHVybCwgaG9zdCkgewogIGlmICgoaG9zdCA9PSAnd3d3LnlvdXR1YmUuY29tJyAmJiB1cmwuaW5kZXhPZigneW91dHViZS5jb20vd2F0Y2g/dj1HdnRBRWxhRFZ6OCZweHRyeT0xJykgIT0gLTEpIHx8IChob3N0LmluZGV4T2YoJ2MueW91dHViZS5jb20nKSAhPSAtMSAmJiB1cmwuaW5kZXhPZignYy55b3V0dWJlLmNvbS92aWRlb3BsYXliYWNrJykgIT0gLTEgJiYgdXJsLmluZGV4T2YoJ2djcj11cycpICE9IC0xKSkKICAgIHJldHVybiAnUFJPWFkgMjA5LjIzOS4xMjAuMTA3OjMxMzEnOwogIHJldHVybiAnRElSRUNUJzsKfQ==" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social 
Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0-rc1 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1157228855-93186708-2366711758-1001: @Skype Limited.com/Facebook Video Calling Plugin -> E:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-1157228855-93186708-2366711758-1001: @unity3d.com/UnityPlayer,version=1.0 -> E:\Users\Christian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1157228855-93186708-2366711758-1001: ubisoft.com/uplaypc -> E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF user.js: detected! 
=> E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\user.js FF SearchPlugin: E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\searchplugins\5b0610dd-c874-4e65-9bf4-efa97c2affd4.xml FF SearchPlugin: E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\searchplugins\{03B24FB0-7768-4178-B66F-635D9512A8DA}.xml FF SearchPlugin: E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\searchplugins\{3A5E24DD-D7C0-4303-AF54-32823BFD86EF}.xml FF SearchPlugin: E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\searchplugins\{4C053637-A6C0-4D2C-A115-FDCAB0393AB3}.xml FF SearchPlugin: E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\searchplugins\{A1F8FF03-A275-4349-BFC3-F1D578B80485}.xml FF SearchPlugin: E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\searchplugins\{AAFC0A82-AE17-4412-BE50-A8765D229B85}.xml FF SearchPlugin: E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\searchplugins\{FC9232F4-B269-4427-A6DE-C8915F585165}.xml FF Extension: Avira Browser Safety - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\abs@avira.com [2014-09-30] FF Extension: FireJump - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\firejump@firejump.net [2014-01-31] FF Extension: Clippings - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2014-10-07] FF Extension: DownloadHelper - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07] FF Extension: Classic Theme Restorer - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-10] FF Extension: The Addon Bar (restored) 
- E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-05-10] FF Extension: Avira SearchFree Toolbar plus Web Protection - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26] FF Extension: unity manager - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\{15566ed7-841a-4f54-b2aa-924f25196625}.xpi [2014-04-21] FF Extension: Textarea Cache - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi [2014-04-01] FF Extension: {6c3f7782-3789-4cc8-8a3b-bded488e0de6} - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\{6c3f7782-3789-4cc8-8a3b-bded488e0de6}.xpi [2014-04-19] FF Extension: Adblock Plus - E:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dvz8z4q7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-01] FF HKLM-x32\...\Firefox\Extensions: [dnshelp@dnshelp.com] - E:\Users\Christian\AppData\Roaming\Helper FF Extension: Helper - E:\Users\Christian\AppData\Roaming\Helper [2014-02-01] FF Extension: No Name - dnshelp@dnshelp.com [Not Found] FF StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2014-09-10] CHR Extension: (ProxFlow) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-09-10] CHR Extension: (Google Präsentationen) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-10] CHR Extension: (Google 
Docs) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10] CHR Extension: (Google Drive) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-10] CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10] CHR Extension: (YouTube) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-10] CHR Extension: (Google-Suche) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-10] CHR Extension: (Google Tabellen) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-10] CHR Extension: (Avira Browser Safety) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-10] CHR Extension: (LoungeDestroyer) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2014-09-19] CHR Extension: (CS:GO Lounge Bump Bot) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfkidfnhjcjjamcbdepeohblphlamgk [2014-10-29] CHR Extension: (Refresh Monkey) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2014-10-29] CHR Extension: (Google Wallet) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-10] CHR Extension: (Google Mail) - E:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-10] CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - 
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-11-03] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-11-03] CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - E:\Users\Christian\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AddonsHelper; E:\Users\Christian\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [896512 2014-01-31] () [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-14] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-20] () [File not signed] R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed] R2 EslWireHelper; E:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] () R2 Hamachi2Svc; E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2530128 2014-11-03] (LogMeIn Inc.) 
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 Mobile Partner. RunOuc; E:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] () S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4700536 2013-07-24] (INCA Internet Co., Ltd.) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2012-04-13] () [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-15] () R2 RadeonPro Support Service; E:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed] R2 SearchAnonymizer; E:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2014-01-31] () [File not signed] R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D) S3 wifimansvc; E:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-11-10] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. 
KG) S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-11-28] (Turtle Entertainment GmbH) R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-08-19] (<Turtle Entertainment>) S3 LADF_BakerCOnly; C:\Windows\System32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech) S3 LADF_BakerROnly; C:\Windows\System32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech) S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-17] (Logitech Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 ALSysIO; \??\E:\Users\CHRIST~1\AppData\Local\Temp\ALSysIO64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 X6va005; \??\E:\Users\CHRIST~1\AppData\Local\Temp\0055B0F.tmp [X] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X] S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-12 18:36 - 2014-11-12 18:37 - 00032963 _____ () E:\Users\Christian\Downloads\FRST.txt 2014-11-12 18:36 - 2014-11-12 18:36 - 02116096 _____ (Farbar) E:\Users\Christian\Downloads\FRST64.exe 2014-11-12 18:36 - 2014-11-12 18:36 - 00000000 ____D () C:\FRST 2014-11-12 17:58 - 2014-11-12 17:58 - 00000278 _____ () E:\Users\Christian\Desktop\Steam Inventory Hijacked durch ausführen einer .exe - Trojaner-Board.URL 2014-11-12 00:26 - 2014-11-12 00:26 - 00000000 ____H () E:\Users\Christian\Documents\Default.rdp 2014-11-12 00:09 - 2014-11-12 00:09 - 00000252 _____ () E:\Users\Christian\Desktop\Steam Inventory Gestohlen - Steam Support.URL 2014-11-11 21:41 - 2014-11-11 23:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-11 21:41 - 2014-11-11 21:41 - 00000952 _____ () E:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-11 21:40 - 2014-11-11 21:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-11 21:40 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-11 21:40 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-11 21:40 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-11 21:38 - 2014-11-11 21:38 - 19828376 _____ (Malwarebytes Corporation ) E:\Users\Christian\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-11 19:19 - 2014-11-11 19:19 - 00000281 _____ () E:\Users\Christian\Desktop\Warning.URL 2014-11-03 01:23 - 2014-11-03 01:23 - 00000000 _____ () E:\Users\Christian\Documents\ts3_clientui-win64-1407159763-2014-11-03 01_23_37.797302.dmp 2014-11-01 23:07 - 2014-11-01 23:07 - 00000222 _____ () E:\Users\Christian\Desktop\Evolve.url 2014-11-01 19:48 - 2014-11-01 20:00 - 00005462 _____ () E:\Users\Christian\Desktop\9 Gebote.txt 2014-10-31 18:24 - 2014-10-31 18:24 - 00000222 _____ () 
E:\Users\Christian\Desktop\BRUUUDIS Admin.URL 2014-10-27 16:58 - 2014-10-27 16:58 - 00000859 _____ () E:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-10-27 16:57 - 2014-10-28 01:14 - 00000000 ____D () E:\Users\Christian\AppData\Roaming\uTorrent 2014-10-27 16:56 - 2014-10-27 16:56 - 01689168 _____ (BitTorrent Inc.) E:\Users\Christian\Downloads\uTorrent.exe 2014-10-21 23:15 - 2014-10-21 23:15 - 00000265 _____ () E:\Users\Christian\Desktop\Verbinden….URL 2014-10-16 16:04 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 16:04 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 16:04 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 16:04 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 16:04 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 16:04 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 16:04 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 16:04 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 16:04 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-16 16:04 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 16:04 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 16:04 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 16:04 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 16:04 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2014-10-16 16:04 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 16:04 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 16:04 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 16:04 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 16:04 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 16:04 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 16:04 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 16:04 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 16:04 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 16:04 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 16:04 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-16 16:04 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 16:04 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 16:04 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 16:04 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-16 16:04 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 16:04 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 16:04 - 2014-09-19 02:02 - 00454656 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-16 16:04 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 16:04 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-16 16:04 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-16 16:04 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 16:04 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-16 16:04 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 16:04 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-16 16:04 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-16 16:04 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-16 16:04 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-16 16:04 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-16 16:04 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-16 16:04 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 16:04 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 16:04 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 16:04 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 16:04 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 16:04 - 2014-09-19 01:32 - 00164864 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-16 16:04 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-16 16:04 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-16 16:04 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 16:04 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-16 16:04 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 16:04 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-16 16:04 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-16 16:04 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 16:04 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 16:04 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 16:04 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 16:04 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-16 16:04 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 16:03 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 16:03 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-16 16:03 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 16:03 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-16 16:03 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) 
C:\Windows\system32\mstscax.dll 2014-10-16 16:03 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 16:03 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 16:03 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 16:03 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 16:03 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 16:03 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 16:03 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 16:03 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 16:03 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 16:03 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-16 16:03 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-16 16:03 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-16 16:03 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-16 16:03 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 16:03 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 16:03 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-10-16 16:03 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-10-16 16:03 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2014-10-16 16:03 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-10-16 16:03 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-10-16 16:03 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-10-16 16:03 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-10-16 16:03 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-10-13 22:31 - 2014-10-13 22:31 - 00801792 _____ () E:\Users\Christian\Downloads\ArmaCon(1).exe 2014-10-13 17:21 - 2014-10-13 17:21 - 00000875 _____ () E:\Users\Public\Desktop\ArmaCon.lnk 2014-10-13 17:20 - 2014-10-13 17:20 - 00000000 ____D () E:\Users\Christian\AppData\Roaming\GSN Gaming ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-12 18:36 - 2011-11-26 00:54 - 00000000 ____D () E:\Users\Christian\AppData\Roaming\Skype 2014-11-12 18:29 - 2011-12-25 17:55 - 01740784 _____ () C:\Windows\WindowsUpdate.log 2014-11-12 18:27 - 2014-09-10 18:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-12 17:52 - 2013-06-30 12:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-12 17:50 - 2011-11-26 11:20 - 00000000 ____D () E:\Users\Christian\AppData\Roaming\TS3Client 2014-11-12 17:04 - 2011-11-26 14:51 - 00000177 ____H () C:\dvmexp.idx 2014-11-12 17:01 - 2009-07-14 05:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-12 17:01 - 2009-07-14 05:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-12 17:00 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-11-12 17:00 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-11-12 17:00 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-12 16:56 - 2013-10-31 18:23 - 00117026 _____ () C:\Windows\setupact.log 2014-11-12 16:54 - 2014-09-10 18:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-12 16:54 - 2013-12-19 15:30 - 00003154 _____ () C:\Windows\System32\Tasks\FRAPS 2014-11-12 16:54 - 2013-10-31 18:23 - 00160146 _____ () C:\Windows\PFRO.log 2014-11-12 16:54 - 2013-09-12 18:40 - 00000000 ____D () E:\Users\Christian\AppData\Local\LogMeIn Hamachi 2014-11-12 16:54 - 2012-11-15 21:21 - 00000000 ____D () E:\Users\Christian\AppData\Local\Htc 2014-11-12 16:54 - 2012-05-12 16:47 - 00000000 ____D () E:\Users\Christian\AppData\Local\TSVNCache 2014-11-12 16:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-12 16:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2014-11-12 04:14 - 2012-12-23 22:06 - 00000944 _____ 
() C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1157228855-93186708-2366711758-1001UA.job 2014-11-11 23:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI 2014-11-11 23:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech 2014-11-11 23:34 - 2012-02-16 16:55 - 02250240 ___SH () E:\Users\Christian\Desktop\Thumbs.db 2014-11-11 22:52 - 2013-06-30 12:39 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 22:52 - 2012-08-31 05:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-11 22:52 - 2011-12-25 21:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-11 22:11 - 2012-12-23 22:06 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1157228855-93186708-2366711758-1001Core.job 2014-11-11 21:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-11 21:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-11-11 19:05 - 2013-06-25 19:55 - 00000000 ____D () E:\Users\Christian\AppData\Local\Arma 3 2014-11-11 00:00 - 2014-09-26 17:09 - 00002153 _____ () E:\Users\Christian\Desktop\support.txt 2014-11-10 19:16 - 2014-05-03 20:00 - 00000222 _____ () E:\Users\Christian\Desktop\Arma 3.url 2014-11-10 16:02 - 2014-10-09 21:55 - 00000000 ____D () E:\Users\Christian\Downloads\EpochMod 2014-11-09 15:40 - 2011-11-26 00:52 - 00000000 ____D () E:\Users\Christian\AppData\Roaming\Xfire 2014-11-06 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-06 16:50 - 2014-08-13 15:51 - 00000981 _____ () E:\Users\Public\Desktop\Avira.lnk 2014-11-06 16:50 - 2013-08-14 16:18 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-06 06:29 - 2012-02-17 16:39 - 00010836 _____ () E:\Users\Christian\Desktop\wichtig.txt 2014-11-03 01:23 - 2011-12-26 17:59 - 00000000 ____D () E:\Users\Christian\AppData\Local\ESL Wire Game Client 2014-11-01 23:07 - 2011-11-26 01:07 - 00000000 ____D () 
E:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-10-28 17:29 - 2014-09-10 18:14 - 00002021 _____ () E:\Users\Public\Desktop\Google Chrome.lnk 2014-10-28 06:34 - 2011-12-25 18:43 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-26 23:37 - 2011-12-13 14:58 - 00000000 ____D () E:\Users\Christian\.gimp-2.6 2014-10-18 00:22 - 2014-09-10 18:13 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-18 00:22 - 2014-09-10 18:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-17 13:22 - 2009-07-14 05:45 - 00295448 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 20:51 - 2013-08-14 18:08 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 20:42 - 2011-12-26 04:06 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-16 15:58 - 2013-05-01 01:15 - 00000798 _____ () E:\Users\Public\Desktop\ESL Wire.lnk 2014-10-14 16:22 - 2013-08-14 16:19 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-14 16:22 - 2013-08-14 16:18 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-14 16:21 - 2013-08-14 16:18 - 00119272 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys Files to move or delete: ==================== E:\Users\Christian\jagex_cl_runescape_LIVE.dat E:\Users\Christian\random.dat Some content of TEMP: ==================== E:\Users\Christian\AppData\Local\Temp\avgnt.exe E:\Users\Christian\AppData\Local\Temp\EslWireSetup-1.17.3.7769-x64.exe E:\Users\Christian\AppData\Local\Temp\EslWireSetup-1.17.3.7977-x64.exe E:\Users\Christian\AppData\Local\Temp\EslWireSetup-1.17.3.8001-x64.exe E:\Users\Christian\AppData\Local\Temp\EslWireSetup-1.18.0.8085-x64.exe E:\Users\Christian\AppData\Local\Temp\NGM.exe E:\Users\Christian\AppData\Local\Temp\NGMDll.dll E:\Users\Christian\AppData\Local\Temp\NGMResource.dll E:\Users\Christian\AppData\Local\Temp\Process.exe E:\Users\Christian\AppData\Local\Temp\SkypeSetup.exe E:\Users\Christian\AppData\Local\Temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-06 17:02 ==================== End Of Log ============================ |
13.11.2014, 17:09 | #6 |
| Steam Inventory Hijacked by running an .exe
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014 Ran by Christian at 2014-11-12 18:37:20 Running from E:\Users\Christian\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\uTorrent) (Version: 3.4.2.35141 - BitTorrent Inc.) 3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - ) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ARMA 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) ARMA 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version: - ) Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version: - ) Arma 3 Tools (HKLM-x32\...\Steam App 233800) (Version: - Bohemia Interactive) ArmA II Launcher (HKLM-x32\...\{AF364116-6A2F-43E6-9D12-901ACC3CDC00}) (Version: 1.4.0.0 - Spirited Machine) ArmaCon (HKLM-x32\...\{BBCC0288-3BFC-45F0-BC9A-A3CA45497801}) (Version: 0.0.1.0 - GSN Gaming) Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C1300}) (Version: 12.19.0.3554 - APN, LLC) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BOINC (HKLM-x32\...\{4D12D805-50B2-4287-B3B9-AD4D74F85693}) (Version: 6.10.18 - Space Sciences Laboratory, U.C. 
Berkeley) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games) CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) Contour Storyteller (HKLM-x32\...\Contour Storyteller 3.6.0) (Version: 3.6.0 - Contour) Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve) Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version: - Ritual) Counter-Strike: Global Offensive Beta (HKLM-x32\...\Steam App 730) (Version: - ) Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve) CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DayZ Commander (HKLM-x32\...\{0BF23D45-7464-495C-B931-AC2933430CC1}) (Version: 1.09.47 - Dotjosh Open Source) DayZ Extrem SFX v1.0 (HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\DayZ Extrem SFX v1.0) (Version: - ) Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - ) District 187 (HKLM-x32\...\Steam App 221080) (Version: - ) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) DriverTuner 3.0.1.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.0.0.1 - LionSea SoftWare) Enhanced Steam Standalone (HKLM-x32\...\Enhanced Steam) (Version: - ) Epoch Launcher (HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\de6ddf4941177887) (Version: 0.0.1.12 - Epoch Mod Team) EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.02.01 - ) ESL Wire 1.18.0 (HKLM\...\ESL Wire_is1) (Version: - Turtle 
Entertainment GmbH)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
Express Gate (HKLM-x32\...\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}) (Version: 1.4.10.8 - DeviceVM, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.2.7.1 (HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\FileZilla Client) (Version: 3.2.7.1 - )
FireJump (HKLM-x32\...\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1) (Version: 1.0.2.8 - FireJump.net)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
FxVisor (HKLM-x32\...\{F691A1F5-2789-46CE-A45A-57763198D384}) (Version: 1.3.0 - Frameworkx)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Team Garry)
Garry's Mod Manager (HKLM-x32\...\Garry's Mod Manager 8.20.0000) (Version: 8.20.0000 - Lansoftware)
Garry's Mod Manager (x32 Version: 8.20.0000 - Lansoftware) Hidden
Geeks3D.com FurMark 1.10.6 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.023 - HTC Corporation)
HTC Sync (HKLM-x32\...\{C71F947D-C500-4C00-AF0A-8B397A3F9DE5}) (Version: 3.3.10 - HTC Corporation)
HUAWEI DataCard Driver 4.20.12.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 4.20.12.00 - Huawei technologies Co., Ltd.)
iDeer Blu-ray Player (HKLM-x32\...\iDeer Blu-ray Player) (Version: 1.2.1.1161 - iDeerApp Software Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
K-Lite Codec Pack 8.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
L3DT Standard v11.11.3.1 (remove only) (HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\L3DT Standard (v11.11.3.1)) (Version: - )
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version: - Nadeo)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - )
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Minecraft Note Block Studio version 3.1.1 (HKLM-x32\...\{85725958-E3A1-4D0F-862B-4CE4EDC71A5E}_is1) (Version: 3.1.1 - David Norgren)
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version: - Mobile Connection Manager)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.03.1014 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 33.1 (x86 de) (HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.2.0.0 - Electronic Arts)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - )
Next Car Game (HKLM-x32\...\Steam App 228380) (Version: - Bugbear)
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version: - Bugbear)
Next Car Game Technology Sneak Peek 2.0 (HKLM-x32\...\Next Car Game Technology Sneak Peek) (Version: - Bugbear Entertainment)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oil Rush (HKLM-x32\...\Steam App 200390) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
PBO Manager v.1.4 beta (HKLM-x32\...\{0E3A79BF-E860-4371-8ABC-7AAEDD68DA0A}) (Version: 1.4.0 - )
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-to-Word 3.1 Demo (HKLM-x32\...\PDF-to-Word 3.1 Demo) (Version: - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PokerTH (HKLM-x32\...\PokerTH 0.9) (Version: 0.9 - www.pokerth.net)
PokerTH (HKLM-x32\...\PokerTH 0.9.5) (Version: 0.9.5 - www.pokerth.net)
PokerTH (HKLM-x32\...\PokerTH 1.0) (Version: 1.0 - www.pokerth.net)
PokerTH (HKLM-x32\...\PokerTH 1.1.1) (Version: 1.1.1 - www.pokerth.net)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quake II Demo (HKLM-x32\...\Quake2DemoUninstallKey) (Version: - )
Quake III Arena Point Release 1.32 (HKLM-x32\...\Quake III Arena Point Release 1.32) (Version: - )
Quick Media Converter (HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\QUICKMEDIACONVERTER) (Version: - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version: - )
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version: - Frontier)
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
ShootMania Storm (HKLM-x32\...\Steam App 229870) (Version: - )
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version: - )
Spin Tires (HKLM-x32\...\{EA25A1D4-0CFB-4863-9B42-3E7EBD879644}) (Version: 1.0.1 - Oovee)
Spintires (HKLM-x32\...\Steam App 263280) (Version: - Oovee® Game Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TexView 2 Uninstall (HKLM-x32\...\TexView 2) (Version: - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
TortoiseSVN 1.7.6.22632 (64 bit) (HKLM\...\{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}) (Version: 1.7.22632 - TortoiseSVN)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.01.08 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Vitrite (remove only) (HKLM-x32\...\Vitrite) (Version: - )
VLC media player 2.1.0-rc1 (HKLM-x32\...\VLC media player) (Version: 2.1.0-rc1 - VideoLAN)
WarRock (HKLM-x32\...\Warrock EU) (Version: - )
WinBubble (HKU\S-1-5-21-1157228855-93186708-2366711758-1001\...\WinBubble) (Version: 2.0.1.32 - Lawrence Albert)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XSplit (HKLM-x32\...\{8BD89760-6B5D-4A3C-8B0D-CDB93BEFC0F6}) (Version: 1.2.1303.0101 - SplitMediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

28-10-2014 15:45:33 Windows Update
04-11-2014 15:51:32 Windows Update
10-11-2014 14:56:59 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-11-2014 14:57:07 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
11-11-2014 16:37:49 Windows Update
11-11-2014 20:33:12 Wiederherstellungsvorgang
11-11-2014 23:58:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-03 14:08 - 00000849 ____A C:\Windows\system32\Drivers\etc\hosts
178.24.16.46 al-admin.dev

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05B02859-0EFD-4932-8410-C299A62001C2} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files (x86)\Microsoft IntelliType Pro\IPoint.exe
Task: {315AA244-3DE3-471F-8521-56463F6D55F3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {3C9EA657-3466-4FEB-9D2C-515409FC8445} - System32\Tasks\{6BBC38DC-35B7-4675-B0B8-3F8B201BDA6E} => E:\Program Files (x86)\Steam\SteamApps\common\District 187\TheRaw.exe [2013-04-12] ()
Task: {4207584B-9107-49D8-A4FD-B962615FD8BE} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2009-09-09] (ASUSTeK Computer Inc.)
Task: {4F1C39C4-2151-4849-A5C7-201C8EB4D17D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {57F76C17-2E32-4883-AE48-D2999A62D19A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1157228855-93186708-2366711758-1001UA => E:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-23] (Facebook Inc.)
Task: {5E0A922C-BB9C-4250-A9E5-E16E7FF477CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.)
Task: {5F287C7D-81C1-448B-B747-4CF1EA673D78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.)
Task: {71D524B5-CBEB-419B-8235-37F16EC5F8A0} - System32\Tasks\{0FB7B1F6-8C19-4FD4-B8C7-B382D30F6D34} => E:\Program Files (x86)\Steam\SteamApps\common\District 187\TheRaw.exe [2013-04-12] ()
Task: {729CD585-60E9-4C58-9F9B-298ED47B5118} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {73B4FB17-ABC7-4EA0-8654-3ADCE2CF96D2} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-18] (Adobe Systems Incorporated)
Task: {894CE1AE-5D46-4788-A948-6DE16BEF4644} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2009-08-19] (ASUSTeK Computer Inc.)
Task: {8D0CE7AD-7C37-405B-AC9F-F2F39D67A565} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {8F2E40B1-3A10-4BBD-BAD1-46575C91A0E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {97C29C59-2352-4B1F-98E9-D1718C8E4D53} - System32\Tasks\{5F90D747-CF98-4AD4-B122-B2118838691E} => Firefox.exe hxxp://ui.skype.com/ui/0/5.6.0.110/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {B26A4B75-2039-4E57-BE93-D2C91546E66E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1157228855-93186708-2366711758-1001Core => E:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-23] (Facebook Inc.)
Task: {C108C6FD-F11D-4B7B-B177-88010E8C27D6} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-09-25] ()
Task: {F2E675EC-57C2-4F0E-B5B4-6C048AEAA2DA} - System32\Tasks\FRAPS => E:\Fraps\fraps.exe [2012-08-30] (Beepa P/L)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1157228855-93186708-2366711758-1001Core.job => E:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1157228855-93186708-2366711758-1001UA.job => E:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-31 20:29 - 2014-01-31 20:30 - 00896512 _____ () E:\Users\Christian\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
2012-09-05 13:48 - 2014-01-28 11:40 - 00663056 _____ () E:\Program Files\EslWire\service\WireHelperSvc.exe
2012-09-05 13:48 - 2014-10-09 15:22 - 00214016 _____ () E:\Program Files\EslWire\service\NocIPC64.dll
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2012-03-08 19:45 - 2012-03-08 19:45 - 00088856 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2009-08-23 18:24 - 2009-08-23 18:24 - 00098304 _____ () E:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-10-29 18:41 - 2012-11-01 11:49 - 00657504 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2012-04-13 10:12 - 2012-04-13 10:12 - 00088576
_____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2014-05-15 18:52 - 2014-05-15 18:52 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-01-31 20:29 - 2014-01-31 20:29 - 00040960 _____ () E:\Users\Christian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 2012-08-24 22:21 - 2010-08-11 10:32 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2012-08-24 22:21 - 2010-08-11 10:32 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2012-08-24 22:21 - 2010-08-11 10:32 - 00105584 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll 2012-08-24 22:21 - 2010-08-11 10:32 - 64643696 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll 2012-09-25 16:42 - 2012-09-25 16:42 - 00655360 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe 2013-03-21 05:10 - 2013-03-21 05:10 - 00258944 _____ () E:\Program Files (x86)\Xfire\xfire64.exe 2014-03-14 12:58 - 2014-03-14 12:58 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2014-03-14 12:58 - 2014-03-14 12:58 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll 2014-03-14 12:58 - 2014-03-14 12:58 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll 2011-11-16 09:41 - 2014-08-07 19:33 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll 2011-11-16 09:41 - 2014-08-07 19:33 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll 2014-03-14 12:58 - 2014-03-14 12:58 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll 2014-03-14 12:58 - 2014-03-14 12:58 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll 2011-11-16 09:41 - 2014-08-07 19:33 - 00134088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\appscanner_plugin.dll 2011-11-16 09:41 - 2014-08-07 19:33 - 00563656 _____ () C:\Program Files\TeamSpeak 3 
Client\plugins\clientquery_plugin.dll 2013-09-09 14:07 - 2014-08-07 19:33 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-03-14 12:58 - 2014-03-14 12:58 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll 2011-12-26 00:46 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files\ASUS\Six Engine\ASUSSERVICE.DLL 2011-12-26 00:46 - 2009-08-27 19:41 - 00565248 _____ () C:\Program Files\ASUS\Six Engine\pngio.dll 2011-12-26 00:46 - 2009-08-27 19:41 - 00053248 _____ () C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll 2011-12-26 00:46 - 2009-05-22 14:16 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll 2011-12-26 00:46 - 2008-12-10 20:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll 2013-10-29 18:41 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2013-10-29 18:41 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2013-10-29 18:41 - 2010-05-10 03:51 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll 2013-10-29 18:41 - 2010-02-10 15:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2013-10-29 18:41 - 2012-11-01 11:26 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2013-10-29 18:41 - 2010-02-10 15:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2012-04-30 08:55 - 2012-04-30 08:55 - 08358400 _____ () E:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll 2012-04-30 08:55 - 2012-04-30 08:55 - 00151040 _____ () E:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll 2012-04-30 08:55 - 2012-04-30 08:55 - 01152512 _____ () E:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll 2012-04-30 08:55 - 2012-04-30 08:55 - 00333824 _____ () E:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll 2012-04-30 08:55 - 2012-04-30 08:55 - 
00026112 _____ () E:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll 2012-03-08 19:11 - 2012-03-08 19:11 - 00070424 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll 2012-09-25 16:42 - 2012-09-25 16:42 - 00028672 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll 2012-09-25 16:42 - 2012-09-25 16:42 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll 2012-09-25 16:42 - 2012-09-25 16:42 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll 2012-09-25 16:42 - 2012-09-25 16:42 - 00393216 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll 2012-09-25 16:42 - 2012-09-25 16:42 - 00151552 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll 2012-09-25 16:42 - 2012-09-25 16:42 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll 2012-09-25 16:42 - 2012-09-25 16:42 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll 2012-09-25 16:42 - 2012-09-25 16:42 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll 2014-11-10 16:17 - 2014-11-10 16:17 - 03649648 _____ () E:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2011-07-11 22:48 - 2011-11-26 01:30 - 00410624 _____ () E:\Program Files (x86)\Winamp\nsutil.dll 2011-07-11 22:48 - 2011-11-26 01:30 - 00078848 _____ () E:\Program Files (x86)\Winamp\nde.dll 2011-07-11 22:48 - 2011-11-26 01:30 - 00047616 _____ () E:\Program Files (x86)\Winamp\zlib.dll 2014-11-12 18:03 - 2014-11-12 18:03 - 00010752 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\auth.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00069120 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\burnlib.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00013824 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\dsp_sps.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00006656 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\enc_fhgaac.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004096 _____ () 
E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\enc_flac.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00005632 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\enc_lame.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004096 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\enc_vorbis.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004096 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\enc_wav.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00006144 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\enc_wma.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00023552 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_classicart.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00007168 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_crasher.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00023040 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_ff.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004096 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_find_on_disk.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00011264 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_hotkeys.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00041984 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_jumpex.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00021504 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_ml.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00009216 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_nopro.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00007168 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_orgler.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00011776 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_skinmanager.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00010240 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_timerestore.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00008192 _____ () 
E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_tray.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00010752 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\gen_undo.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00005120 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_avi.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00014336 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_cdda.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00006656 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_dshow.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00005632 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_flac.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00003584 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_flv.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00003584 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_linein.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00020480 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_midi.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004608 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_mkv.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00018944 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_mod.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00023040 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_mp3.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00005120 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_mp4.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00011776 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_nsv.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00003584 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_swf.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00011264 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_vorbis.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00006656 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_wav.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00005632 
_____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_wave.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00015360 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_wm.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004608 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\in_wv.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00003584 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_addons.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00006656 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_autotag.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00005120 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_bookmarks.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00008704 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_devices.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00047616 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_disc.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00009728 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_downloads.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004608 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_enqplay.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00008704 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_history.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00005120 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_impex.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00056320 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_local.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00003584 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_nowplaying.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00014336 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_online.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004096 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_orb.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00012800 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_playlists.lng 
2014-11-12 18:03 - 2014-11-12 18:03 - 00034816 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_plg.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00047104 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_pmp.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00005120 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_rg.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00008192 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_transcode.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00014848 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ml_wire.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00036352 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\ombrowser.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00006144 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\out_disk.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00016384 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\out_ds.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00007680 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\out_wave.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00003072 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\playlist.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004608 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\pmp_activesync.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00020480 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\pmp_android.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00036864 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\pmp_ipod.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00003584 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\pmp_njb.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00004096 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\pmp_p4s.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00011776 _____ () E:\Users\Christian\AppData\Local\Temp\WLZ6F47.tmp\pmp_usb.lng 2014-11-12 18:03 - 2014-11-12 18:03 - 00039424 _____ () 
Christian Wigger |
14.11.2014, 16:34 | #7 | |
/// the machine /// TB-Ausbilder | Steam Inventory Hijacked by running an .exe Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
14.11.2014, 18:32 | #8 |
| Steam Inventory Hijacked by running an .exe Hello, yes, that is for access to our Arma3 database, so nothing bad. Kind regards, christian |
15.11.2014, 19:58 | #9 |
/// the machine /// TB-Ausbilder | Steam Inventory Hijacked by running an .exe Otherwise I don't see anything |
21.11.2014, 16:00 | #10 |
| Steam Inventory Hijacked by running an .exe Sorry for the late reply, I was away on a work assignment. Thank you very much for your help, TOP |
22.11.2014, 12:12 | #11 |
/// the machine /// TB-Ausbilder | Steam Inventory Hijacked by running an .exe You're welcome |