Pests of all kinds and how to fight them: PC is too slow and I have no idea what to do (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
19.01.2015, 22:50 | #16 |
Rest in peace † 2019 | That is still not the Malwarebytes log I need; please run the scan again. Step 1
20.01.2015, 20:08 | #17 |
| Avira keeps showing me virus alerts now. Recently it gave me a message that read as follows: Avira found 549 viruses or unwanted programs. That has now come up again, but only with 5. Then it blocks files that did not contain any viruses, at least before, and I can no longer play them. For example League of Legends etc. are all blocked and I cannot start them. It keeps getting worse, without me doing anything o.O
I hope we can still get this sorted; all my hope, really all of it, rests with you. Code:
21.01.2015, 22:33 | #18 |
Rest in peace † 2019 | Hello,
no, you don't need to run a scan with Avira; just uninstall it and use Avast, but make sure there are no legitimate files left in the quarantine... Now please delete the MBAM findings and create a new log with FRST. Step 1: Start FRST once more.
22.01.2015, 15:35 | #19 |
| Will do, the files are coming in 2-3 minutes. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Margit (administrator) on JUSTIN-PC on 22-01-2015 15:31:13 Running from C:\Users\Gast\Downloads Loaded Profiles: Margit & Gast (Available profiles: Margit & Gast) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Akamai Technologies, Inc.) C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Akamai Technologies, Inc.) C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe () C:\Program Files (x86)\Monitor.EXE () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.) 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Monitor.exe [475136 2014-02-26] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Margit\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Run: [GoogleChromeAutoLaunch_BB36B386FC91F3D4CC09C0FCB27081F3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.) HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Run: [Akamai NetSession Interface] => C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Run: [Speed AutoClicker] => "C:\Users\Gast\Desktop\SpeedAutoClicker.exe" -startup HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bcbinit.vbs () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118 ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118 ProxyServer: [S-1-5-21-3413827966-1155256820-1680526860-1000] => 127.0.0.1:50416 ProxyEnable: [S-1-5-21-3413827966-1155256820-1680526860-501] => Internet Explorer proxy is enabled. 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-HMpgdgjYvVhoxYCg0yi4dHboSp48fxni59g1TUaspPffmSxXBgVz_6mg-bRZ-YoMRZNkmOuizwYuZIl0b1j3t5xVhRsGFFw,, HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-LM2JK9O1HffLnb4uScReyQOsWQbYF4FU6MEHEv6orrVzpV_YTRfAFKveuIni-doACzqhr9DaZOYhufg-dYV0rrxpw-Tbj5w,,&q={searchTerms} HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-LM2JK9O1HffLnb4uScReyQOsWQbYF4FU6MEHEv6orrVzpV_YTRfAFKveuIni-doACzqhr9DaZOYhufg-dYV0rrxpw-Tbj5w,,&q={searchTerms} HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-HMpgdgjYvVhoxYCg0yi4dHboSp48fxni59g1TUaspPffmSxXBgVz_6mg-bRZ-YoMRZNkmOuizwYuZIl0b1j3t5xVhRsGFFw,, HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-LM2JK9O1HffLnb4uScReyQOsWQbYF4FU6MEHEv6orrVzpV_YTRfAFKveuIni-doACzqhr9DaZOYhufg-dYV0rrxpw-Tbj5w,,&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> DefaultScope {48E74EE1-4439-450F-9E2E-7DA8549037E7} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {48E74EE1-4439-450F-9E2E-7DA8549037E7} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {805669DD-CC80-4E13-AF01-E6BBB8F7C34F} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {B45C6E68-E31C-45D8-AD1E-4DE9B593D291} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-501 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-501 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: SmartSaver+ 15 -> 
{11111111-1111-1111-1111-110611171196} -> C:\Program Files (x86)\SmartSaver+ 15\SmartSaver+ 15-bho64.dll No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default FF NetworkProxy: "type", FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Margit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-501: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: Amazon-Icon - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\amazon-icon@giga.de [2014-02-02] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org [2013-10-20] FF Extension: qualitink - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox@qualitink.net [2013-11-15] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2013-10-20] FF Extension: No Name - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home238\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ff [Not Found] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "https://www.google.de/" CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15] CHR Extension: (YouTube) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27] CHR Extension: (Google-Suche) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27] CHR Extension: (AdBlock Premium) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-05-24] CHR Extension: (Google Wallet) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Mail) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27] CHR HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No 
Path CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [jpfpfhlafnadialopcnmpnnonkoncnej] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3625\ch\MediaBuzzV1mode3625.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files (x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [oeajfgfbfkoagohfgaimemkippdnedli] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ch\RichMediaViewV1release393.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] () S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2014-12-18] (Perfect World Entertainment Inc) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-29] (ASUSTeK Computer Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. 
KG) S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2015-01-20] (AVM Berlin) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5268336 2014-03-25] (INCA Internet Co., Ltd.) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-29] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-05-29] () S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-06] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-07] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows (R) Win 7 DDK provider) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-15] () S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-18] () R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-15] () S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) 
S3 ALSysIO; \??\C:\Users\Margit\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 drvr; \??\C:\Windows\system32\drivers\drvr.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 19:32 - 2015-01-21 19:33 - 07374858 _____ () C:\Users\Gast\Downloads\Metro.zip
2015-01-20 22:23 - 2015-01-20 22:23 - 01258741 _____ () C:\Users\Gast\Desktop\Skyoe.dib
2015-01-20 19:51 - 2015-01-20 19:51 - 00014704 _____ () C:\Users\Margit\Downloads\mbam-log-2015-01-20 (19-21-18).xml
2015-01-20 19:51 - 2015-01-20 19:51 - 00005212 _____ () C:\Users\Gast\Desktop\mbam.txt
2015-01-17 19:27 - 2015-01-17 19:27 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-17 19:27 - 2015-01-17 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-17 19:26 - 2015-01-17 19:26 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Gast\Downloads\SkypeSetup.exe
2015-01-17 19:11 - 2015-01-17 19:11 - 05006832 _____ (Adobe Systems Inc.) C:\Users\Margit\Downloads\Shockwave_Installer_Slim.exe
2015-01-17 14:46 - 2015-01-17 14:48 - 00043993 _____ () C:\Users\Gast\Downloads\Addition.txt
2015-01-17 14:31 - 2015-01-22 15:31 - 00000000 ____D () C:\Users\Gast\Downloads\FRST-OlderVersion
2015-01-14 15:54 - 2015-01-14 15:54 - 00002067 _____ () C:\Users\Public\Desktop\AMD OverDrive.lnk
2015-01-14 15:54 - 2015-01-14 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
2015-01-14 15:54 - 2015-01-14 15:54 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-14 12:44 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:44 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:44 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:44 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:44 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:44 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 19:17 - 2015-01-12 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-01-12 19:17 - 2015-01-12 19:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-01-11 01:39 - 2015-01-11 01:39 - 00001813 _____ () C:\Users\Margit\Desktop\MbamSuchlauf.txt
2015-01-10 18:41 - 2015-01-10 18:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 18:40 - 2015-01-10 18:40 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-10 18:40 - 2015-01-10 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-10 18:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 18:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 18:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 18:39 - 2015-01-10 18:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-10 18:29 - 2015-01-12 19:17 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-10 18:28 - 2015-01-12 19:17 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-02 12:47 - 2015-01-02 12:47 - 00000000 ____D () C:\Users\Margit\AppData\Local\A
2015-01-02 12:41 - 2015-01-02 12:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Aeria Games
2015-01-02 00:28 - 2015-01-02 00:28 - 00000000 ____D () C:\Users\Margit\AppData\Local\Aeria Games
2015-01-02 00:27 - 2015-01-02 00:27 - 00000000 ____D () C:\ProgramData\Aeria Games
2015-01-02 00:26 - 2015-01-02 00:26 - 00001665 _____ () C:\Users\Margit\Desktop\S4 League.lnk
2015-01-02 00:26 - 2015-01-02 00:26 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-01-02 00:19 - 2015-01-02 00:19 - 00002028 _____ () C:\Users\Public\Desktop\Aeria Ignite.lnk
2015-01-02 00:19 - 2015-01-02 00:19 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Aeria Games & Entertainment
2015-01-02 00:19 - 2015-01-02 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-01-02 00:19 - 2015-01-02 00:19 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2015-01-01 05:38 - 2015-01-01 21:01 - 00001241 _____ () C:\Users\Margit\Desktop\Guns And Robots.lnk
2015-01-01 05:38 - 2015-01-01 06:20 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guns And Robots
2015-01-01 05:38 - 2015-01-01 05:40 - 00000000 ____D () C:\Users\Margit\AppData\Local\Guns And Robots
2015-01-01 03:05 - 2015-01-01 03:05 - 00001199 _____ () C:\Users\Margit\Desktop\NosTale - Verknüpfung.lnk
2014-12-31 23:19 - 2014-12-31 23:19 - 00003010 _____ () C:\Windows\System32\Tasks\{48918102-C41A-4E86-8F45-E5BF5F191957}
2014-12-31 23:16 - 2014-12-31 23:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-31 23:16 - 2014-12-31 23:16 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-31 23:16 - 2014-12-31 23:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-31 23:10 - 2014-12-31 23:10 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\OpenOffice
2014-12-31 14:05 - 2014-12-31 14:05 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\MingGuan
2014-12-31 13:53 - 2014-12-31 14:00 - 00000944 _____ () C:\Program Files (x86)\Config.ini
2014-12-31 13:53 - 2014-12-31 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skiller Pro
2014-12-31 13:53 - 2014-12-31 13:53 - 00000000 ____D () C:\Program Files (x86)\skins
2014-12-31 13:53 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\lan.dll
2014-12-31 13:53 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Monitor.EXE
2014-12-31 13:53 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\hiddriver.dll
2014-12-31 13:52 - 2014-12-31 13:52 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\InstallShield
2014-12-31 13:44 - 2015-01-20 20:27 - 00000000 ____D () C:\Program Files (x86)\Drakonia Configurator
2014-12-31 13:44 - 2014-12-31 13:44 - 01192533 _____ () C:\Windows\unins001.exe
2014-12-31 13:44 - 2014-12-31 13:44 - 00017982 _____ () C:\Windows\unins001.dat
2014-12-31 13:44 - 2014-12-31 13:44 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\MingGuan
2014-12-31 13:44 - 2014-12-31 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Drakonia
2014-12-30 11:35 - 2014-12-30 19:55 - 00000000 ____D () C:\AdwCleaner
2014-12-29 23:04 - 2014-12-29 23:05 - 06594837 _____ () C:\Users\Gast\Downloads\Z0rker.zip
2014-12-29 17:05 - 2014-12-29 17:05 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\LolClient
2014-12-29 00:38 - 2014-12-29 00:38 - 00001129 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2014-12-29 00:37 - 2014-12-29 00:43 - 00000000 ____D () C:\Users\Margit\AppData\Local\AviraSpeedup
2014-12-29 00:37 - 2014-12-29 00:37 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2014-12-29 00:37 - 2014-12-29 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-12-29 00:02 - 2014-12-29 00:02 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieBrowserModeList
2014-12-28 23:26 - 2015-01-22 15:32 - 00025069 _____ () C:\Users\Gast\Downloads\FRST.txt
2014-12-28 23:22 - 2015-01-22 15:31 - 00000000 ____D () C:\FRST
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieBrowserModeList
2014-12-28 21:55 - 2015-01-22 15:31 - 02126848 _____ (Farbar) C:\Users\Gast\Downloads\FRST64.exe
2014-12-28 21:09 - 2014-12-28 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE)
2014-12-28 17:16 - 2015-01-19 20:24 - 00000000 ____D () C:\Users\Gast\AppData\Local\LogMeIn Hamachi
2014-12-28 17:16 - 2014-12-28 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-28 17:16 - 2014-12-28 17:16 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-28 17:05 - 2014-12-28 17:05 - 00000000 ____D () C:\Users\Margit\AppData\Local\Logitech
2014-12-27 02:50 - 2014-12-27 02:50 - 00000000 ____D () C:\Users\Margit\Documents\Raiderz
2014-12-27 02:19 - 2014-12-27 02:42 - 00000000 ___HD () C:\ArcTemp
2014-12-27 02:12 - 2014-12-27 02:17 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Arc
2014-12-27 02:12 - 2014-12-27 02:12 - 00000000 ____D () C:\Users\Public\Documents\Arc
2014-12-27 02:07 - 2014-12-28 23:13 - 00000000 ____D () C:\Program Files (x86)\Arc
2014-12-27 02:07 - 2014-12-27 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-12-27 01:30 - 2014-12-27 01:33 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\FiestaOnline
2014-12-23 23:25 - 2014-12-23 23:25 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\7road

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 15:32 - 2014-07-12 17:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\.minecraft
2015-01-22 15:31 - 2014-10-22 21:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 15:26 - 2012-12-17 10:33 - 01605041 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 15:23 - 2014-06-18 16:44 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype
2015-01-22 15:18 - 2012-12-17 13:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 14:15 - 2009-07-14 05:45 - 00042160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 14:15 - 2009-07-14 05:45 - 00042160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 14:08 - 2014-10-22 21:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 14:08 - 2014-04-17 20:18 - 00000412 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2015-01-22 14:07 - 2014-10-24 13:04 - 00023790 _____ () C:\Windows\setupact.log
2015-01-22 14:07 - 2013-06-13 12:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-22 14:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 19:37 - 2014-04-25 16:33 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\.minecraft
2015-01-21 19:31 - 2014-08-17 23:50 - 00000000 ____D () C:\Users\Gast\Desktop\huzuni
2015-01-21 14:29 - 2014-07-16 18:28 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Craften Terminal
2015-01-20 20:27 - 2013-04-06 01:31 - 00000000 ____D () C:\Program Files (x86)\HyperCam 3
2015-01-20 20:09 - 2014-09-28 15:33 - 00000000 ____D () C:\Users\Gast\Desktop\Floral Flyff Client
2015-01-20 20:02 - 2013-05-14 18:01 - 00000000 ____D () C:\Program Files (x86)\avmwlanstick
2015-01-20 19:57 - 2013-09-13 19:13 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Craften Terminal
2015-01-20 19:46 - 2014-04-17 19:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-20 19:43 - 2014-02-02 16:22 - 00000000 ____D () C:\Users\Margit\AppData\Local\Temp3630fecaa073aa021a2f274d8493fd83
2015-01-20 19:43 - 2013-02-16 19:06 - 00000000 ____D () C:\Users\Margit\AppData\Local\mcpatcher
2015-01-20 19:42 - 2014-12-07 12:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\TeamSpeak 3 Client
2015-01-20 19:31 - 2014-08-21 15:26 - 00000000 ____D () C:\Program Files (x86)\TheHDvid-Codec V10
2015-01-20 19:31 - 2014-05-29 11:23 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-20 19:31 - 2014-05-28 20:57 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-20 19:29 - 2014-07-16 18:28 - 00000000 ____D () C:\Program Files (x86)\Craften Terminal
2015-01-20 19:28 - 2012-12-17 10:46 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-19 16:30 - 2014-07-25 22:41 - 00000000 ____D () C:\Users\Margit\AppData\Local\LogMeIn Hamachi
2015-01-19 16:20 - 2012-12-08 20:26 - 00000000 ____D () C:\Users\Gast\Desktop\Minecraft Bukkit Server 1.6.4
2015-01-17 20:43 - 2012-12-21 11:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-17 19:27 - 2012-12-21 11:53 - 00000000 ____D () C:\ProgramData\Skype
2015-01-17 19:13 - 2014-10-24 13:03 - 00052542 _____ () C:\Windows\PFRO.log
2015-01-17 18:58 - 2012-12-21 11:53 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Skype
2015-01-17 18:54 - 2014-04-23 16:06 - 00275968 ___SH () C:\Users\Margit\Desktop\Thumbs.db
2015-01-17 11:33 - 2014-10-22 21:22 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-15 20:30 - 2013-05-14 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
2015-01-14 22:08 - 2013-07-13 02:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:08 - 2012-12-17 12:29 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:18 - 2012-12-17 13:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 16:18 - 2012-12-17 13:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 16:18 - 2012-12-17 13:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 15:52 - 2013-06-21 15:36 - 00000000 ____D () C:\Users\Margit\AppData\Local\Downloaded Installations
2015-01-13 22:07 - 2014-09-30 14:49 - 00000180 _____ () C:\Users\Gast\Desktop\Neues Textdokument (3).txt
2015-01-10 18:29 - 2012-12-21 17:09 - 00000000 ____D () C:\Users\Margit\AppData\Local\Adobe
2015-01-09 18:32 - 2014-11-06 17:50 - 00000000 ____D () C:\Users\Gast\Desktop\NosTale
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 00:19 - 2014-12-22 20:49 - 00000000 ____D () C:\AeriaGames
2015-01-02 00:19 - 2014-06-27 19:24 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-01-02 00:10 - 2014-05-03 21:34 - 00000000 ____D () C:\Users\Margit\AppData\Local\Akamai
2015-01-01 21:01 - 2013-07-09 12:29 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-01 05:40 - 2014-02-27 12:14 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Apple Computer
2015-01-01 02:51 - 2014-05-30 11:22 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-01 02:46 - 2014-11-06 17:39 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2015-01-01 02:46 - 2012-12-21 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-31 23:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 23:37 - 2014-07-24 17:53 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-12-31 23:37 - 2014-06-23 20:16 - 00000000 ____D () C:\Users\Gast\Documents\My Games
2014-12-31 23:16 - 2012-12-17 10:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-31 14:01 - 2014-07-13 20:37 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\TS3Client
2014-12-31 13:53 - 2012-12-17 10:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-31 13:28 - 2014-05-30 11:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2014-12-30 12:05 - 2014-11-28 18:43 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-12-30 12:04 - 2014-12-20 19:01 - 00000000 ____D () C:\Windows\system32\log
2014-12-29 22:09 - 2013-04-22 14:55 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-29 15:45 - 2014-05-30 11:22 - 00109152 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-29 15:42 - 2009-07-14 05:45 - 00390200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-29 00:37 - 2014-02-20 16:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-29 00:37 - 2012-12-17 10:46 - 00109152 _____ () C:\Users\Margit\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-29 00:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-12-28 23:54 - 2014-12-22 20:44 - 00000000 ____D () C:\Users\Gast\AppData\Local\Akamai
2014-12-28 23:20 - 2014-04-14 12:48 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Samsung
2014-12-28 23:20 - 2014-04-14 12:48 - 00000000 ____D () C:\Users\Margit\AppData\Local\Samsung
2014-12-28 23:20 - 2014-04-14 12:47 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-28 23:20 - 2014-02-06 16:59 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-28 23:17 - 2014-09-20 19:14 - 00000000 ____D () C:\ProgramData\NexonUS
2014-12-28 23:16 - 2014-03-20 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-12-28 23:16 - 2014-03-20 21:56 - 00000000 ____D () C:\ProgramData\MAGIX
2014-12-28 23:15 - 2014-03-20 21:59 - 00000000 ____D () C:\Users\Public\Documents\MAGIX_Music_Maker_MX_Premium_Download_Version
2014-12-28 23:10 - 2013-04-03 16:02 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-28 23:09 - 2014-10-22 21:28 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Opera Software
2014-12-28 23:09 - 2014-10-22 21:28 - 00000000 ____D () C:\Users\Margit\AppData\Local\Opera Software
2014-12-28 23:09 - 2014-10-22 21:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-28 23:07 - 2014-03-14 16:07 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-28 23:07 - 2014-02-15 09:27 - 00000000 ____D () C:\ProgramData\Freemake
2014-12-28 23:07 - 2014-02-15 09:27 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-12-28 23:06 - 2014-05-26 09:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-28 23:05 - 2014-07-31 00:37 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-12-28 23:01 - 2013-09-09 09:48 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-12-28 23:01 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-25 18:10 - 2014-07-09 09:47 - 00000000 ____D () C:\Users\Gast\AppData\Local\fabi.me
2014-12-25 13:51 - 2014-11-06 16:05 - 00000000 ____D () C:\Users\Margit\AppData\Local\Windows Live
2014-12-25 00:49 - 2014-12-21 18:35 - 00000000 ____D () C:\Users\Margit\AppData\Local\mfbot.de
2014-12-24 19:24 - 2012-12-17 10:39 - 00000000 ____D () C:\Users\Margit
2014-12-23 18:02 - 2014-12-20 18:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\mfbot.de

==================== Files in the root of some directories =======

2014-12-31 13:53 - 2014-12-31 14:00 - 0000944 _____ () C:\Program Files (x86)\Config.ini
2014-12-31 13:53 - 2012-08-14 22:41 - 0061440 _____ () C:\Program Files (x86)\hiddriver.dll
2014-12-31 13:53 - 2013-09-12 14:15 - 0331510 _____ () C:\Program Files (x86)\Icon.ico
2014-12-31 13:53 - 2014-09-03 15:58 - 0057344 _____ () C:\Program Files (x86)\lan.dll
2014-12-31 13:53 - 2014-02-26 14:45 - 0475136 _____ () C:\Program Files (x86)\Monitor.EXE
2014-12-31 13:53 - 2006-08-22 15:05 - 0002238 _____ () C:\Program Files (x86)\Uninstall.ico
2013-08-18 12:44 - 2013-08-18 12:46 - 0047104 ___SH () C:\Users\Margit\AppData\Roaming\Thumbs.db
2014-02-20 21:57 - 2014-03-14 12:56 - 0000053 _____ () C:\Users\Margit\AppData\Roaming\WB.CFG
2012-12-20 17:46 - 2013-04-06 03:00 - 0007680 _____ () C:\Users\Margit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\Margit\Desktopasdasd.exe
C:\Users\Margit\S4_League.exe

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Gast\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.2-R1.0-3-g9532cb6-b2887jnks.dll
C:\Users\Gast\AppData\Local\Temp\_is787A.exe
C:\Users\Gast\AppData\Local\Temp\_isC1B9.exe
C:\Users\Gast\AppData\Local\Temp\_isE60B.exe
C:\Users\Gast\AppData\Local\Temp\_isF4E9.exe
C:\Users\Margit\AppData\Local\Temp\avgnt.exe
C:\Users\Margit\AppData\Local\Temp\Bypass.dll
C:\Users\Margit\AppData\Local\Temp\Quarantine.exe
C:\Users\Margit\AppData\Local\Temp\sqlite3.dll
C:\Users\Margit\AppData\Local\Temp\_is1B8C.exe
C:\Users\Margit\AppData\Local\Temp\_is363D.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 20:52

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Margit at 2015-01-22 15:32:42
Running from C:\Users\Gast\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Akamai) (Version: - Akamai Technologies, Inc)
allday savings (HKLM\...\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A) (Version: 2.0.1 - allday savings)
AMD Catalyst Install Manager (HKLM\...\{047D5657-1DAC-2B16-E110-F4A9C0E7EF2C}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - )
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon)
Craften Terminal 4.0.2 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.0.2 - Craften.de)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.4310 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC Universe Online (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
DC Universe Online Live (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment)
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - )
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guns And Robots (HKLM-x32\...\Guns And Robots) (Version: 1.0 - Mastheadstudios Ltd.)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HyperCam 3 (HKLM-x32\...\HyperCam 3 3.5.1210.30) (Version: 3.5.1210.30 - Solveig Multimedia)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaminfeuer Comprehensive Edition 1080 (HKLM-x32\...\ST5UNST #1) (Version: - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Logitech Z-series Software 1.04 (HKLM\...\{B38BCB00-1C17-48F5-BB94-584BB89D34D0}) (Version: 1.04.153 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
MAGIX Music Maker MX Premium Download Version (x32 Version: 18.0.0.42 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13200.33.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nostale(DE) (HKLM-x32\...\NosTale(DE)_is1) (Version: - Gameforge 4D GmbH)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
S4 League (HKLM-x32\...\S4 League) (Version: - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Skiller Pro Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.) Spotify (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) Spotify (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Spotify) (Version: 0.9.14.11.g7e298e37 - Spotify AB) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Update kb77600 (HKLM-x32\...\{79BB0733-58A2-486C-AA02-F9BAB929EFF8}) (Version: 1.0.0 - MSR) <==== ATTENTION Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Treiber-Studio 2013 (HKLM\...\{2D3471B9-8671-46F0-9947-4C0DB6234403}) (Version: 8.1.428 - Publish Data) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity Web Player (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS) Unturned 
(HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH) YouTube (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Pokki_d25e316a7812ebb3c4f8e18291ce53ba535b8659) (Version: 1.0.9.53204 - Pokki) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 14-01-2015 15:53:27 Installed AMD 
OverDrive. 14-01-2015 22:08:00 Windows Update 17-01-2015 19:01:47 Windows-Sicherung 17-01-2015 19:06:31 Removed Skype™ 7.0 17-01-2015 19:10:26 Removed Skype Click to Call 18-01-2015 19:00:20 Windows-Sicherung 20-01-2015 15:29:01 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-05-27 14:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00BFA346-0F61-4DB5-94CB-5A5D7D52CFB9} - System32\Tasks\{E853544F-29DE-4A80-9A15-633B15B19F21} => pcalua.exe -a C:\Users\Margit\AVM_Driver\FWLAN\pushinst.exe -d C:\Users\Margit\AVM_Driver\FWLAN Task: {03EA357E-52D0-413D-8D49-E1F45E0A4E95} - System32\Tasks\{06818C6F-1EE9-4624-BF19-CF01A8F021B5} => C:\Users\Margit\Downloads\chromeinstall-7u21 (1).exe Task: {0D6A0BA9-DF4E-4168-8AB5-2A3CA14209C1} - System32\Tasks\{2A83181E-E6A5-40A8-A1E7-0EDC4B1878FC} => C:\Program Files (x86)\Steam\Steam.exe [2014-12-20] (Valve Corporation) Task: {1F34B0D5-B054-42DE-A0C4-BC12095BA138} - System32\Tasks\{F42E840F-C5C0-4AE3-B967-3B87823AF4F0} => pcalua.exe -a E:\Setup\Setup.exe -d E:\ Task: {24723AB7-117D-437B-89F4-20634CDC8F09} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {27D18596-A4E7-49C1-8B22-1C09B93019FA} - System32\Tasks\{25E61622-D504-4687-8CA0-DB1AE11A2406} => C:\Program Files (x86)\Steam\Steam.exe [2014-12-20] (Valve Corporation) Task: {3125A5D9-5466-4492-AB39-C3CC3275B630} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe Task: {333C954D-759E-44B8-8A20-DDFDE24FDC83} - System32\Tasks\{F80032B6-FD8B-4C37-B4C9-F1D860EE2A6E} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: 
{3CD639F6-8AD5-4455-B0E4-320967B3959E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated) Task: {408161EA-4870-4E07-8E72-72EFA6EC3E90} - System32\Tasks\{F960AAB2-4C92-4C84-A958-DA87CFCD15FA} => pcalua.exe -a C:\Users\Margit\AVM_Driver\FWLAN\setup.exe -d C:\Users\Margit\AVM_Driver\FWLAN Task: {414285DD-F86E-4FCB-91B8-50E84BE70E7A} - System32\Tasks\{9ACF3A99-E37B-43E0-A2AD-257222583004} => C:\Program Files (x86)\Steam\Steam.exe [2014-12-20] (Valve Corporation) Task: {4EBBCC70-8C9A-4670-90FA-8DFDFB0FD382} - System32\Tasks\{D1CBE8AD-32B1-4506-BCBC-71D28B9CD788} => pcalua.exe -a C:\Users\Margit\AppData\Local\Temp\{96C5A240-4257-448F-9F47-7D5C20A5C931}\setup.exe -d "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154" Task: {51367041-B77D-410F-AF6F-70B86CD7DEF0} - System32\Tasks\{12D0D921-EA07-4C9E-984C-D9DB7599421C} => C:\Program Files (x86)\Steam\Steam.exe [2014-12-20] (Valve Corporation) Task: {57E857AC-D073-4F22-878D-3036530C67BC} - System32\Tasks\{127E358C-5CE0-4EC3-8BCE-A39481B22E42} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {597DEE36-BDBA-4B26-9FF6-A92D39DFDC16} - System32\Tasks\{25BCCB07-CC7E-41B9-883B-3186D30FAB59} => C:\Program Files (x86)\Steam\Steam.exe [2014-12-20] (Valve Corporation) Task: {5D4C3598-0056-4C1B-B7CD-5E71AF7FF81F} - System32\Tasks\{AD5AFC9C-1A7A-4481-95C9-331FF3137DF4} => pcalua.exe -a E:\setup.exe -d E:\ Task: {5F99CCCE-3299-42DA-9619-746671EF331A} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. 
KG) Task: {626F3468-8501-4E35-BFE2-45C98209441A} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {6313AF1E-5AAB-424D-B3B2-BECBAC75A2DE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe Task: {6FFB1919-1FA9-4CDB-8523-686D2F9EA261} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {81B2819A-2FD4-4C10-A88D-FECDB52F6DA8} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe [2010-01-14] (ASUSTeK Computer Inc.) Task: {8520F69A-B90C-4530-A22B-105D5E08919E} - System32\Tasks\{48918102-C41A-4E86-8F45-E5BF5F191957} => C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\Nostale.exe Task: {8F1573B8-40CD-4F08-9747-4577890147F9} - System32\Tasks\{10699523-0978-4EEC-B551-6B7DFEBF3E5B} => C:\Program Files (x86)\Steam\Steam.exe [2014-12-20] (Valve Corporation) Task: {9952CC9E-442F-4C72-8559-FD64B07CFAD6} - System32\Tasks\{749B462B-1FCA-4DAD-9483-A1A03E48C574} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {A47A0592-6656-4E9D-82FC-DB24584F8713} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {B2D997F3-3C2B-4580-827C-8D10073AC37D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413827966-1155256820-1680526860-1000Core => C:\Users\Margit\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {B41DC9CA-413E-4BFC-ADAF-20114A8D82DB} - System32\Tasks\{891AAF44-5CAE-4B8A-931F-D71ADD64C53D} => C:\Program Files (x86)\Steam\Steam.exe [2014-12-20] (Valve Corporation) Task: {B746A350-8CCC-44B0-A11C-ADACF1731324} - System32\Tasks\{38081923-7D7F-4245-AE6B-B3FD6CADCB7B} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {B7BDC3B0-800B-48A1-A1EC-6E182B7AB7BF} - System32\Tasks\{135D557F-798B-4B30-9EF1-83F4CB2E14BF} => C:\Program Files 
(x86)\GameforgeLive\GameforgeLive.exe Task: {BCEA647A-F118-4805-A05B-DA46186DF91B} - System32\Tasks\{19C2391B-B695-4206-ACEC-CFC188BFEAB6} => C:\Users\Margit\Desktop\HGWC Bypass\HGWC Bypass.exe Task: {C48504B3-C984-4B65-8844-8EFD37641110} - System32\Tasks\{F33716A5-2C9C-4596-B5E9-8FAC56D6A5FF} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5CD14679-0F5A-4924-8C08-554D89A6A680}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{5CD14679-0F5A-4924-8C08-554D89A6A680}" Task: {D424A41E-977B-4BC1-8465-571E3CAC97CE} - System32\Tasks\{CEED9F63-5F09-41F1-9A60-A21377CA528B} => C:\Users\Margit\Downloads\chromeinstall-7u21 (1).exe Task: {D4A1E8FE-F77F-42B3-B38D-32D785A6D231} - System32\Tasks\{CA88250D-EDE0-415D-A7D9-80E1432B7A09} => C:\Program Files (x86)\Steam\Steam.exe [2014-12-20] (Valve Corporation) Task: {D6FDA0FC-3C68-4B92-ACFE-0CEE5DFE361D} - System32\Tasks\{27FC4681-DE2C-4C93-A5B5-F85ADDA5CD22} => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-12-13] (LogMeIn Inc.) Task: {DF5648D2-25DC-4486-8F81-58F34C2D1376} - System32\Tasks\{C5C32378-3A80-41C0-A496-CB252C3EF91D} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {F5DC1BEA-DC5E-4B37-91FC-D34DAEF58010} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {F80EF664-B8BB-4371-AAA1-B250253DE11D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) 
Task: {F8237811-A5CF-4425-B59D-3FAC773AB9D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413827966-1155256820-1680526860-1000UA => C:\Users\Margit\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-29 22:25 - 2013-04-29 22:25 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-03-05 15:03 - 2012-03-05 15:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-02-16 13:53 - 2012-02-16 13:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2013-04-15 20:29 - 2014-05-29 14:39 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-04-15 20:29 - 2014-05-29 14:39 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2014-12-31 13:44 - 2013-10-29 13:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2014-12-31 13:53 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Monitor.EXE 2014-12-31 13:44 - 2012-12-11 11:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2014-12-31 13:44 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2014-12-31 13:53 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\lan.dll 
2014-12-31 13:53 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\hiddriver.dll 2014-12-31 13:44 - 2013-11-05 16:31 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll 2015-01-17 11:32 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll 2015-01-17 11:32 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll 2015-01-17 11:32 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll 2015-01-17 11:32 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll 2015-01-17 11:33 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4 AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: BackupStack => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BstHdAndroidSvc => 2 MSCONFIG\Services: BstHdLogRotatorSvc => 2 MSCONFIG\Services: BstHdUpdaterSvc => 2 MSCONFIG\Services: ClaraUpdater => 2 MSCONFIG\Services: CltMngSvc => 2 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: HiPatchService => 2 MSCONFIG\Services: HitmanProScheduler => 2 MSCONFIG\Services: LMIGuardianSvc => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: RichVideo => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Arc\ArcLauncher.exe /autorun MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe" MSCONFIG\startupreg: FixMyRegistry => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss MSCONFIG\startupreg: FLV Player => C:\Users\Margit\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe MSCONFIG\startupreg: GameforgeLive => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart MSCONFIG\startupreg: GoogleChromeAutoLaunch_7D78684C04D130A2BFD725AA212F80C4 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent MSCONFIG\startupreg: Pokki => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform MSCONFIG\startupreg: 
SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: SDP => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SpeedUpMyComputer => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss MSCONFIG\startupreg: Spotify => "C:\Users\Margit\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Margit\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3413827966-1155256820-1680526860-500 - Administrator - Disabled) Gast (S-1-5-21-3413827966-1155256820-1680526860-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-3413827966-1155256820-1680526860-1004 - Limited - Enabled) Margit (S-1-5-21-3413827966-1155256820-1680526860-1000 - Administrator - Enabled) => C:\Users\Margit ==================== Faulty Device Manager Devices ============= Name: hamachi Description: hamachi Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/22/2015 02:08:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/21/2015 10:19:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x788 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (01/21/2015 11:26:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2015 10:32:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x720 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (01/20/2015 03:24:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2015 10:19:34 PM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x718 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (01/19/2015 09:15:04 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/19/2015 08:31:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm javaw.exe, Version 7.0.550.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1604 Startzeit: 01d0341e7100f13a Endzeit: 5 Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe Berichts-ID: b474aa3c-a011-11e4-aa7c-50465d9054db Error: (01/19/2015 00:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2015 10:23:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x714 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 System errors: ============= Error: (01/22/2015 03:23:06 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/22/2015 03:22:56 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/22/2015 02:09:37 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/21/2015 10:19:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) 
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/21/2015 02:25:32 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/21/2015 11:57:05 AM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/21/2015 11:27:08 AM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/20/2015 10:32:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (01/20/2015 03:50:16 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/20/2015 03:49:46 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (01/22/2015 02:08:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/21/2015 10:19:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c178801d03564877f2c56C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll3a167b52-a1b3-11e4-bf16-50465d9054db Error: (01/21/2015 11:26:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2015 10:32:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c172001d034bc9437aaa9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllc6a3b4f2-a0eb-11e4-ad44-50465d9054db Error: (01/20/2015 03:24:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent 
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2015 10:19:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c171801d033da0c2498deC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dlldd03a235-a020-11e4-aa7c-50465d9054db Error: (01/19/2015 09:15:04 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (01/19/2015 08:31:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: javaw.exe7.0.550.13160401d0341e7100f13a5C:\Program Files\Java\jre7\bin\javaw.exeb474aa3c-a011-11e4-aa7c-50465d9054db Error: (01/19/2015 00:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2015 10:23:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c171401d033142e1b9d30C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll475ad3c9-9f58-11e4-9d29-50465d9054db CodeIntegrity Errors: =================================== Date: 2014-05-27 15:13:08.635 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-27 15:13:08.557 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: AMD FX(tm)-6100 Six-Core Processor Percentage of memory in use: 34% Total physical RAM: 7918.12 MB Available physical RAM: 5211.19 MB Total Pagefile: 15834.42 MB Available Pagefile: 10768.02 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:35.36 GB) NTFS Drive d: () (Fixed) (Total:270.45 GB) (Free:99.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A844CCAC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.01.2015, 00:10 | #20 |
Rest in peace † 2019 | PC is too slow and I have no idea what to do
Hello Justin, how does the computer behave after these steps?

Step 1
Please uninstall the following programs (if present):
System Update kb77600
McAfee Security Scan
To do this, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove
If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.

Step 2
Press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document
Code:
ATTFilter HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118 ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118 ProxyServer: [S-1-5-21-3413827966-1155256820-1680526860-1000] => 127.0.0.1:50416 ProxyEnable: [S-1-5-21-3413827966-1155256820-1680526860-501] => Internet Explorer proxy is enabled. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-HMpgdgjYvVhoxYCg0yi4dHboSp48fxni59g1TUaspPffmSxXBgVz_6mg-bRZ-YoMRZNkmOuizwYuZIl0b1j3t5xVhRsGFFw,, HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-LM2JK9O1HffLnb4uScReyQOsWQbYF4FU6MEHEv6orrVzpV_YTRfAFKveuIni-doACzqhr9DaZOYhufg-dYV0rrxpw-Tbj5w,,&q={searchTerms} HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-LM2JK9O1HffLnb4uScReyQOsWQbYF4FU6MEHEv6orrVzpV_YTRfAFKveuIni-doACzqhr9DaZOYhufg-dYV0rrxpw-Tbj5w,,&q={searchTerms} HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-HMpgdgjYvVhoxYCg0yi4dHboSp48fxni59g1TUaspPffmSxXBgVz_6mg-bRZ-YoMRZNkmOuizwYuZIl0b1j3t5xVhRsGFFw,, HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-LM2JK9O1HffLnb4uScReyQOsWQbYF4FU6MEHEv6orrVzpV_YTRfAFKveuIni-doACzqhr9DaZOYhufg-dYV0rrxpw-Tbj5w,,&q={searchTerms} BHO: SmartSaver+ 15 -> {11111111-1111-1111-1111-110611171196} -> C:\Program Files (x86)\SmartSaver+ 15\SmartSaver+ 15-bho64.dll No File FF Extension: No Name - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home238\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ff [Not Found] CHR HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [jpfpfhlafnadialopcnmpnnonkoncnej] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3625\ch\MediaBuzzV1mode3625.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files 
(x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [oeajfgfbfkoagohfgaimemkippdnedli] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ch\RichMediaViewV1release393.crx [Not Found] AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4 AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Because the scan with ESET is very thorough, it may take several hours under some circumstances. ESET Online Scanner
Step 3 Start FRST once more.
|
25.01.2015, 01:02 | #21 |
| PC is too slow and I have no idea what to do
Is my PC so badly infected that it is normal for the FRST scan to take this long, the first one that is? It is working pretty hard and has now been running for over 1.5 hours. Oh well, as long as it at least finishes today. If I have already posted the file before then, it is of course clear that you no longer need to answer the question. Oh, of course there is no obligation to answer the question; if it came across as rude, I apologize. It would just be cool, because it is still fixing.
Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015 Ran by Margit at 2015-01-23 14:04:04 Run:1 Running from C:\Users\Gast\Downloads Loaded Profiles: Margit & Gast (Available profiles: Margit & Gast) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118 ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118 ProxyServer: [S-1-5-21-3413827966-1155256820-1680526860-1000] => 127.0.0.1:50416 ProxyEnable: [S-1-5-21-3413827966-1155256820-1680526860-501] => Internet Explorer proxy is enabled. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-HMpgdgjYvVhoxYCg0yi4dHboSp48fxni59g1TUaspPffmSxXBgVz_6mg-bRZ-YoMRZNkmOuizwYuZIl0b1j3t5xVhRsGFFw,, HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-LM2JK9O1HffLnb4uScReyQOsWQbYF4FU6MEHEv6orrVzpV_YTRfAFKveuIni-doACzqhr9DaZOYhufg-dYV0rrxpw-Tbj5w,,&q={searchTerms} HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-LM2JK9O1HffLnb4uScReyQOsWQbYF4FU6MEHEv6orrVzpV_YTRfAFKveuIni-doACzqhr9DaZOYhufg-dYV0rrxpw-Tbj5w,,&q={searchTerms} HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-HMpgdgjYvVhoxYCg0yi4dHboSp48fxni59g1TUaspPffmSxXBgVz_6mg-bRZ-YoMRZNkmOuizwYuZIl0b1j3t5xVhRsGFFw,, HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb4HOTNQCpkaJv6syQ6cH4AKiPURCZrtEWLka4l3idyLsI8wBqV8ZDIj2mVKqr6LR-LM2JK9O1HffLnb4uScReyQOsWQbYF4FU6MEHEv6orrVzpV_YTRfAFKveuIni-doACzqhr9DaZOYhufg-dYV0rrxpw-Tbj5w,,&q={searchTerms} BHO: SmartSaver+ 15 -> {11111111-1111-1111-1111-110611171196} -> C:\Program Files (x86)\SmartSaver+ 15\SmartSaver+ 15-bho64.dll No File FF Extension: No Name - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [Not Found] FF Extension: No Name - 
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home238\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ff [Not Found] CHR HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Margit\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [jpfpfhlafnadialopcnmpnnonkoncnej] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3625\ch\MediaBuzzV1mode3625.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files (x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [oeajfgfbfkoagohfgaimemkippdnedli] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ch\RichMediaViewV1release393.crx [Not Found] AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4 AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 emptytemp: ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. 
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-3413827966-1155256820-1680526860-501\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171196}" => Key deleted successfully. "HKCR\CLSID\{11111111-1111-1111-1111-110611171196}" => Key deleted successfully. C:\Program Files (x86)\AmiExt\flashEnhancer\ff not found. C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home238\ff not found. C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ff not found. "HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\SOFTWARE\Google\Chrome\Extensions\dapejillpcnbpfidhfkpidklcombbmel" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dapejillpcnbpfidhfkpidklcombbmel" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hfimjncgpflkpkhbnnblhblobjjjhjhd" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpfpfhlafnadialopcnmpnnonkoncnej" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oeajfgfbfkoagohfgaimemkippdnedli" => Key deleted successfully. C:\ProgramData\TEMP => ":07F6D9E4" ADS removed successfully. C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully. EmptyTemp: => Removed 38 GB temporary data. The system needed a reboot. ==== End of Fixlog 15:36:14 ==== Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=2777dd870c7066439d35192e95bac94b # engine=18399 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-25 08:38:18 # local_time=2014-05-25 10:38:18 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 43906 8638652 15100 0 # compatibility_mode=5893 16776573 100 94 63621 152636948 0 0 # scanned=280100 # found=200 # cleaned=0 # scan_time=19H
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir" sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins\159_cortica_rollover_m.js.vir" sh=83049A36E01F304F22C9A582B5826457E2B8BF0F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins\170_icm1_5_m.js.vir" sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir" sh=FAD5F9E3F4DA8ED3ACC760906893EC897A53D622 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir" sh=7FA1F70DC4D115E8332782563357A35C5E6445A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins\175_coolmirage_m.js.vir" sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins\91_monetizationLoader.js.js.vir" sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins\92_superfish_m.js.vir" sh=A2299995376BE0EA603E01F8D387B27ABFFEDE35 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir" sh=26D414A1587BDD1E273EBC15C1E367CCF29D8971 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\a5nh629uk@eymnswds-u.edu\content\bg.js.vir" sh=3FEB17B3544B2B50AD1B9816D3B331CD89D1A4A6 ft=1 fh=463dcad3c084e931 vn="Win32/Toolbar.Montiera.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\ffxtlbr@delta.com\uninstall.exe.vir" sh=382074AAC419517C309A2B36A7227E89CD9ECEC7 ft=1 fh=f6f5126377959a90 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\ffxtlbr@iminent.com\uninstall.exe.vir" sh=9CA4774891E9538150DBC295BC303D11173CE7FB ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir" sh=91A6A37448B95C1BBA932E6515D6206A0B38C70B ft=1 fh=c3ac4263f3c8a3fb vn="Win32/VuuPc.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\VOPackage\1_Offer_11.exe.vir" sh=07BD467C0EC9B094EA0909D5F3E1C2FD4E82209C ft=1 fh=7bc3a04e8e9e4e3c vn="Variante von Win32/InstallCore.JA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\VOPackage\Setup.exe.vir" sh=81E9DDCC5A52CB0F678CE59840BD7D0067D9E240 ft=1 fh=2d04df6b6ae8387b vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Chromer\Chromer-codedownloader.exe" sh=49D3A606E4C8D47DB5411CC6767FCA36F52E8A55 ft=1 fh=9ba1eca12ec55543 vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Chromer\Chromer-helper.exe" sh=839F65EC3523C4392646BAB69D68F347A6087600 ft=1 fh=c5483f3282a93266 vn="Variante von Win32/Packed.VMDetector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Chromer\Uninstall.exe" sh=022820287E2F7469DA36AD9909E4517088D4957D ft=1 fh=6ce986b38f75fa36 vn="Win32/Packed.ScrambleWrapper.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HDPlayer\hdpextsetup.exe" sh=482A953C4A400FF82111631C2439365A26FB4EDB ft=1 fh=078b6452a3c88ef5 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\qualitink\bin\plugins\qualitink.Bromon.dll" sh=6BC4C2C9DD51006C7AA2E5C957A013193567E5B1 ft=1 fh=2622cdcf3f498b3c vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\qualitink\bin\plugins\qualitink.BrowserAdapterS.dll" sh=7BADF7AD159522A3A30FE6B30279C779D90E769A ft=1 fh=25b1b23333328b71 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\qualitink\bin\plugins\qualitink.CompatibilityChecker.dll" sh=2D07FC86A40868C3BC67C8E991A79DEDF03D30AC ft=1 fh=31853ebafe639bfb vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\qualitink\bin\plugins\qualitink.FFUpdate.dll" sh=7C26529A2BA75C3B8581B44C90E5F460A2533E3E ft=1 fh=e589d8bd35098f6f vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\qualitink\bin\plugins\qualitink.IEUpdate.dll" sh=8C7453AE1D7DE8CAAAB2C2F045570F8CB0A54D3B ft=1 fh=9c9e3200775a5391 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\019\t\00\00000000" sh=DFD06F5F9CD914D3FAFE51526DC78786D4E87C2B ft=1 fh=64b4e2f1d70dc07b vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\020\t\00\00000000" sh=F82C6EE8464D850F325953D402F427DDD78DBF16 ft=1 fh=b4d74313971dc77e vn="Variante von Win32/DomaIQ.BA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\021\t\00\00000000" sh=6A7D8B94835AD2D1943CC7639727BEC6333D53D0 ft=1 fh=7303e99fc8ca44cb vn="Win32/Somoto.N evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\023\t\00\00000000" sh=5A634A1B9C3311653339576C0C2BAC802DE14DAD ft=1 fh=8a50f526ec9c92b8 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\024\t\00\00000001" sh=EF2084B8C3ADD6B3892A2B16E3B80319B6F981F9 ft=1 fh=91c1f12653643819 vn="Variante von Win32/DomaIQ.BD evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\026\t\00\00000000" sh=B00CC13756286331B8158451F6A8A5545E6B56A2 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\extensions\firefox@qualitink.net\chrome\content\overlay.js" sh=5B293CDD6C1E24E8EF2CCAD6D39E54F1EFD1C4C7 ft=1 fh=40d68ff3947b7fb7 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Margit\Documents\LostSagaEU_Full.exe" # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=2777dd870c7066439d35192e95bac94b # engine=18402 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-26 04:39:53 # local_time=2014-05-26 06:39:53 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 72795 8710747 65543 0 # compatibility_mode=5893 16776573 100 94 135716 152709043 0 0 # scanned=280378 # found=207 # cleaned=0 # scan_time=70854 sh=F01B2664D8FF5A98DF177B7A4407065C32D124EF ft=1 fh=c71c0011fee765ee vn="Variante von Win32/Toolbar.BitCocktail.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\ExtensionUpdaterService.exe.vir" sh=ECA1C2CBCA1276F0E50AD99BB7C8DE7645CE10EB ft=1 fh=db39625e2f63ca19 vn="Variante von Win32/Adware.AddLyrics.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AddLyrics\YTLUpdater.exe.vir" sh=0F081DBA3288108E77AA7797D5EE28B077C43B88 ft=1 fh=827545bc3cf01bf5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe.vir" sh=A658B92B519F7898937EE2AE8CF53A62F620C923 ft=1 fh=7f9bfa912e5e181c vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir" sh=AFE37B47352A47298251A51CE4E909649FABCD44 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\33036.crx.vir" sh=EFEBB158DEE9C8834CB74D91FC82BAAA1660E2D7 ft=1 fh=95860813e4558c91 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bg.exe.vir" sh=7666607605EBD852324ACEBD0B6BEBF3ADB6B00B ft=1 fh=2d9be3299a7aa4ad vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll.vir" sh=32FDA17478DB0F7E7CB8F73F4D9FCD857CD47D82 ft=1 fh=7e87e7320e5ead0c vn="möglicherweise Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil.dll.vir" sh=085A28DB53820FF33D241DB8ED06834FD6C0EF6C ft=1 fh=c3f4ccff19422357 vn="Variante von Win32/Toolbar.CrossRider.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil.exe.vir" sh=F41362AA7B60436964CA92D6FA9817AEF37AE453 ft=1 fh=bf00098c521b68dc vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.dll.vir" sh=8E584BF68DB714A3B190DA1875DCB715D916C7C1 ft=1 fh=5c81d63b6295900f vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.exe.vir" sh=B5E4D81590ECC19CCA32001777525797F8FF053D ft=1 fh=8566ad539a690e97 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe.vir" sh=03067E7E07C9B97CDF10CC7D66A005C2FB41C758 ft=1 fh=dca3e54b87352872 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe.vir" sh=95F5F5357E940D613C47088380567F9ED5C60487 ft=1 fh=d3e33123b31eee6a vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-helper.exe.vir" sh=5FB2D2943DE2485609277EA0084C2957F1591F1B ft=1 fh=4f512f15dbb72257 vn="Variante von Win32/Toolbar.CrossRider.J evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe.vir" sh=30CBFCF067D6165FF75C1D083AF10B42CB81DC59 ft=1 fh=c71c0011dce9fa3a vn="Variante von Win32/AdWare.AddLyrics.AB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-Markable\ReMarkableup.exe.vir" sh=F176C5F9BE26FA61C51F44BBE382EF6BE6836A71 ft=1 fh=5b953ddbdb417983 vn="Variante von Win32/AdWare.AddLyrics.AB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-Markable\Uninstall.exe.vir" sh=63A43D95149B189141788E7C493DDCF07110145A ft=1 fh=60457eaec91070ea vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir" sh=066797D487BA448FB1D401E34564FB93E2B2D910 ft=1 fh=e79164173f74db79 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir" sh=3E48C8D25B196D67722ED20CD36BF3448A4C9136 ft=1 fh=8ca2da5db5514665 vn="Variante von Win32/Adware.MultiPlug.I Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\MAegniPic\515c4cd8015be.dll.vir" sh=35B2F9C3EDC1276AD5627B5D5903A738624CB549 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Local\Mobogenie\Download\Apk\Minecraft.apk.vir" sh=EBF01B3EC4607AEB707184674F723440272D4EF5 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.1.32.zip.vir" sh=748E90CBB284A00D9E9396B9EE387AC5905FF8D1 ft=1 fh=ab95f3a7820679d6 vn="Variante von Win32/Mobogenie.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe.vir" sh=D0E5E11ACDD3E7AF720794C6AD722169570CA169 ft=1 fh=afc8ab45c959803b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe.vir" sh=A703E83DC6447E84E8582B80A3DBF6C03B77D04A ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\MUServer.apk.vir" sh=67D59D15A734F2B41373F1CAF8347D199215D42C ft=1 fh=86e026dc2bf78850 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe.vir" sh=F53EE3BDD85C0E2181555E902B84ACBCE1EE5F87 ft=1 fh=54b954715ffe8328 vn="Variante von Win32/Amonetize.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Local\SwvUpdater\Updater.exe.vir" sh=73FFB342D4EA5BF56D263C86D6851ADCD20AE77F ft=1 fh=f634f44630457a34 vn="Variante von Win32/ELEX.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\eIntaller\E14C3E8DA8BF4cb98CFF4A22B3057F66\Desk365.exe.vir" sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\101_cortica_m.js.vir" sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\102_dealply_m.js.vir" sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\103_intext_5_m.js.vir" sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\104_jollywallet_m.js.vir" sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\105_corticas_m.js.vir" sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\107_coupish_m.js.vir" sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\108_icm_m.js.vir" sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\116_ads_only_5_m.js.vir" sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir" sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\119_similar_web_m.js.vir" sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\120_luck_m.js.vir" sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\123_intext_adv_m.js.vir" sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir" sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\125_arcadi2_m.js.vir" sh=B55D50D764A685BB861DF36AF5EA8F4C5396FEE1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\126_revizer_ws_m.js.vir" sh=F139543D5C107C30764FA7A0473152F192FA43D2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\127_revizer_p_m.js.vir" sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\128_superfish_pricora_m.js.vir" sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\129_widdit_m.js.vir" sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\135_arcadi3_m.js.vir" sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\138_getdeal_m.js.vir" sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\141_corticas_ru_m.js.js.vir" sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\142_intext_fa_m.js.vir" sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir" sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\159_cortica_rollover_m.js.vir" sh=83049A36E01F304F22C9A582B5826457E2B8BF0F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\170_icm1_5_m.js.vir" sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir" sh=FAD5F9E3F4DA8ED3ACC760906893EC897A53D622 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. 
unerwünschte Anwendung" ac=I fn="D:\JUSTIN-PC\Backup Set 2014-04-20 190002\Backup Files 2014-05-18 190002\Backup files 2.zip" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=2777dd870c7066439d35192e95bac94b # engine=22127 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-24 11:20:57 # local_time=2015-01-25 12:20:57 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 37675 29773212 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 123697 173771507 0 0 # scanned=364912 # found=40 # cleaned=0 # scan_time=29782 sh=F71BE2FD46A49029353B012109583CB6752B4412 ft=1 fh=c71c00110fcd70c0 vn="Variante von MSIL/Adware.iBryte.O Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Extensions\Client.exe.vir" sh=03517F89D3F20D2D4E2B1A956F8248C9DA9FFC18 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_0\extensionData\plugins\91.js.vir" sh=CEB11491354A00C06C0418FC45B217CEDC389B42 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Margit\AppData\Local\BoBrowser\User Data\Default\Local Extension Settings\ebpeonjdeofpjegbdiibbdjlgfohngee\000003.log.vir" sh=9CA71C727934861E9351AF97CC28CEA38811B07C ft=1 fh=15a0a042e9313939 vn="Variante von Win32/AdWare.Adpeak.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir" sh=930499204FAAC56F0A6740EAC64C93EA35106175 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\TheHDvid-Codec V10\1d7a678c-2599-4f2a-b180-eaaadf1cfcad.crx" sh=2A7086BA8B785CAFDD11934E4D118664177C71AF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\TheHDvid-Codec V10\1db16b81-14f2-458c-8501-52fcd3ac4400.crx" sh=A36B4997631ED7E9876ED3EB6482F1EFED17E34F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\TheHDvid-Codec V10\1db16b81-14f2-458c-8501-52fcd3ac4400.xpi" sh=7B3F4BDAAE39C7872EB0478F12611ECBC0847414 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\TheHDvid-Codec V10\3bd2a66d-6045-4320-bce5-355ba9209e38.crx" sh=C58FDA7FBD3C76D88237E3CA06E0073A69D776A8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\TheHDvid-Codec V10\3bd2a66d-6045-4320-bce5-355ba9209e38.xpi" sh=259F6A6A0A48FA2D7A3BA87BD79C9B7D2AD01B13 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\TheHDvid-Codec V10\3bd2a66d-6045-4320-bce5-355ba9209e38_.xpi" sh=7B3F4BDAAE39C7872EB0478F12611ECBC0847414 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\TheHDvid-Codec V10\61099b86-a8d2-47b2-b788-4f68057e44e9.crx" sh=BA52B1EF7A273062201C81413C4CE187FE9B59AD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\TheHDvid-Codec V10\d5f524cc-761a-4bd1-bea6-be332b4afab4.crx" sh=2A7086BA8B785CAFDD11934E4D118664177C71AF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\TheHDvid-Codec V10\f4c8b5ff-9bb3-421d-b5a2-fab0c91e33ee.crx" sh=6B6105C0BF9C8942B523C7BC6279BF1D241909BA ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Temp\InstallFilter64.msi" sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Temp\t.msi" sh=3C9AC24121A50B5EBDDF5B06D10739DDF9A60120 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Margit\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx" sh=44341AC3075A630346D44C97F22FE3B8DB90A2C8 ft=1 fh=03026ae03c5e9bfc vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" sh=5BA2A1AB903E6B0FAC7FD1B0BC4B4F32262BAC67 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\1864e99.msi" sh=D5140D9206F7605134793E17885A6DD7CCC38EAE ft=0 fh=0000000000000000 vn="Variante von Win32/AdWare.Adpeak.G Anwendung" ac=I fn="C:\Windows\Installer\224c41b.msi" sh=19CA6B0692A041B3DA02EC0BA7B8D970CFC61F15 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\Installer\23806b.msi" sh=925A0BAB5160A2463684131985BF453F59282D4C ft=1 fh=e26cd0c06f3e0509 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\FiddlerCore.dll" sh=F4CE4E618F99E326D8B8F57C25DF31FEC3D28BB7 ft=1 fh=6ac795d1c9b6c083 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Installer.CustomActions.dll" sh=53B8BB32449A648F9CC1AB5E41CB56DCC0F43E3C ft=1 fh=4d3211cc9e1bbe34 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Monetization.Proxy.ProxyService.dll" sh=FE8FD5C7807A68E44F9D4E15099F5918E656C619 ft=1 fh=b1171117cdefd791 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll" sh=9AA379DBA3254708473EBD116A7C87070E3E1416 ft=1 fh=d53322916ab5f2f6 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Resources.LanguageSettings.resources.dll" sh=CF23A22E7DFADDB7E6894B05C8316B544DEC55A4 ft=1 fh=c48caeae427715d5 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\spbe.dll" sh=56A92F0349EE078381D354A0D4FB9F31665B5BD4 ft=1 fh=af73c64a4a1cc674 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\spbl.dll" sh=26F789DCC4A509F84DD3438F3374871DC88BC7AA ft=1 fh=c36808be0ac078fe vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\sppsm.dll" sh=BA710FFEC4C4AFCDE8F93D8357C1F3192E4D3363 ft=1 fh=5d7231d3bb54a67f vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\spusm.dll" sh=C1DE928C5BED1D277969D3946EEAC0889DC81C8F ft=1 fh=34728812cfdd98cc vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\srbs.dll" sh=31D276FE95474087ADC84EC19366D2F7A778D978 ft=1 fh=f92df9bcfb97a497 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\srbu.dll" sh=78C58B7FF874CB8D9EEF59ACF2BECC03C9C4E1C5 ft=1 fh=6ce6648a1bbb7b72 vn="Variante von MSIL/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\srptc.dll" sh=3E5BF036DFA7643C384FB6C4C457535043DE1422 ft=1 fh=66bfae3099472e9b vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE46B.tmp-\srpu.dll" sh=56ABE0F3B5E5747FEDF8ADEAD95E57923993090A ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTIN-PC\Backup Set 2014-12-31 232241\Backup Files 2014-12-31 232241\Backup files 10.zip" sh=970F06543DF664BEE86F17CE4EF2802D4359C612 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTIN-PC\Backup Set 2014-12-31 232241\Backup Files 2014-12-31 232241\Backup files 26.zip" sh=E21D14880B61788D9214D6731AC54ABF71C93FFF ft=0 fh=0000000000000000 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTIN-PC\Backup Set 2014-12-31 232241\Backup Files 2014-12-31 232241\Backup files 43.zip" sh=EE68F77902945F8CDEF5680D9957614D29BE93CB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\JUSTIN-PC\Backup Set 2014-12-31 232241\Backup Files 2015-01-04 190003\Backup files 16.zip" sh=D747D91108A62647DE3CE2EF6B1BEB4F9D9EB67E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\JUSTIN-PC\Backup Set 2014-12-31 232241\Backup Files 2015-01-04 190003\Backup files 3.zip" sh=6F64FB539457CF1C9ED802521674A444FCC18466 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\JUSTIN-PC\Backup Set 2014-12-31 232241\Backup Files 2015-01-11 190003\Backup files 1.zip" sh=22822E2FB462F4F0F1F88373274362AF9B4ED1D4 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="D:\JUSTIN-PC\Backup Set 2014-12-31 232241\Backup Files 2015-01-11 190003\Backup files 4.zip" |
25.01.2015, 01:07 | #22 |
| PC is too slow and I have no idea what to do FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Margit (administrator) on JUSTIN-PC on 25-01-2015 01:03:50 Running from C:\Users\Gast\Downloads Loaded Profiles: Margit & Gast (Available profiles: Margit & Gast) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Akamai Technologies, Inc.) C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe () C:\Program Files (x86)\Monitor.EXE (Akamai Technologies, Inc.) C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Monitor.exe [475136 2014-02-26] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Margit\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Run: [GoogleChromeAutoLaunch_BB36B386FC91F3D4CC09C0FCB27081F3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-21] (Google Inc.) HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Run: [Akamai NetSession Interface] => C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Run: [Speed AutoClicker] => "C:\Users\Gast\Desktop\SpeedAutoClicker.exe" -startup HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bcbinit.vbs () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3413827966-1155256820-1680526860-1000] => 127.0.0.1:50416 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> DefaultScope {48E74EE1-4439-450F-9E2E-7DA8549037E7} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL 
= SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {48E74EE1-4439-450F-9E2E-7DA8549037E7} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {805669DD-CC80-4E13-AF01-E6BBB8F7C34F} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {B45C6E68-E31C-45D8-AD1E-4DE9B593D291} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-501 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-501 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default FF NetworkProxy: "type", FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Margit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-501: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: Amazon-Icon - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\amazon-icon@giga.de [2014-02-02] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org [2013-10-20] FF Extension: qualitink - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox@qualitink.net [2013-11-15] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2013-10-20] FF Extension: No Name - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home238\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ff [Not Found] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "https://www.google.de/" CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15] CHR Extension: (YouTube) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27] CHR Extension: (Google-Suche) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27] CHR Extension: (AdBlock Premium) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-05-24] CHR Extension: (Google Wallet) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Mail) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) 
[File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] () S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2014-12-18] (Perfect World Entertainment Inc) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-29] (ASUSTeK Computer Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2015-01-20] (AVM Berlin) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5268336 2014-03-25] (INCA Internet Co., Ltd.) 
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-29] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-05-29] () S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-06] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-07] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. 
KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows (R) Win 7 DDK provider) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-15] () S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-18] () R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-15] () S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) S3 ALSysIO; \??\C:\Users\Margit\AppData\Local\Temp\ALSysIO64.sys [X] S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 drvr; \??\C:\Windows\system32\drivers\drvr.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-24 23:48 - 2015-01-24 23:49 - 35255109 _____ () C:\Users\Gast\Downloads\Z0rker (2).zip 2015-01-24 16:02 - 2015-01-24 16:02 - 02347384 _____ (ESET) C:\Users\Gast\Downloads\esetsmartinstaller_deu.exe 2015-01-24 14:17 - 2015-01-24 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal 2015-01-24 14:17 - 2015-01-24 14:17 - 00000000 ____D () C:\Program Files (x86)\Craften Terminal 2015-01-24 14:15 - 2015-01-24 14:16 - 22884332 _____ (Craften.de ) C:\Users\Gast\Downloads\craftenterminal-beta (1).exe 2015-01-24 14:07 - 2015-01-24 14:08 - 22884332 _____ (Craften.de ) C:\Users\Gast\Downloads\craftenterminal-beta.exe 2015-01-23 19:24 - 2015-01-23 19:24 - 42610768 _____ (Google Inc.) C:\Users\Gast\Downloads\ChromeStandaloneSetup.exe 2015-01-23 18:48 - 2015-01-23 18:50 - 54996602 _____ () C:\Users\Gast\Downloads\Z0rker (1).zip 2015-01-23 16:44 - 2015-01-23 16:44 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-23 16:44 - 2015-01-23 16:44 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-23 16:36 - 2015-01-23 16:37 - 67350808 _____ (Logitech Inc.) C:\Users\Gast\Downloads\LGS_8.57.145_x64_Logitech.exe 2015-01-23 16:29 - 2015-01-23 16:29 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Logitech 2015-01-21 19:32 - 2015-01-21 19:33 - 07374858 _____ () C:\Users\Gast\Downloads\Metro.zip 2015-01-20 19:51 - 2015-01-20 19:51 - 00014704 _____ () C:\Users\Margit\Downloads\mbam-log-2015-01-20 (19-21-18).xml 2015-01-20 19:51 - 2015-01-20 19:51 - 00005212 _____ () C:\Users\Gast\Desktop\mbam.txt 2015-01-17 19:27 - 2015-01-17 19:27 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-01-17 19:27 - 2015-01-17 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-17 19:26 - 2015-01-17 19:26 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Gast\Downloads\SkypeSetup.exe 2015-01-17 19:11 - 2015-01-17 19:11 - 05006832 _____ (Adobe Systems Inc.) 
C:\Users\Margit\Downloads\Shockwave_Installer_Slim.exe 2015-01-17 14:46 - 2015-01-22 15:34 - 00043468 _____ () C:\Users\Gast\Downloads\Addition.txt 2015-01-17 14:31 - 2015-01-25 01:03 - 00000000 ____D () C:\Users\Gast\Downloads\FRST-OlderVersion 2015-01-14 15:54 - 2015-01-14 15:54 - 00002067 _____ () C:\Users\Public\Desktop\AMD OverDrive.lnk 2015-01-14 15:54 - 2015-01-14 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD 2015-01-14 15:54 - 2015-01-14 15:54 - 00000000 ____D () C:\Program Files (x86)\AMD 2015-01-14 12:44 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 12:44 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:44 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 12:44 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 12:44 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 12:44 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 12:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 12:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 12:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 12:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 12:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 12:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 12:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-11 01:39 - 2015-01-11 01:39 
- 00001813 _____ () C:\Users\Margit\Desktop\MbamSuchlauf.txt 2015-01-10 18:41 - 2015-01-10 18:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-10 18:40 - 2015-01-10 18:40 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-10 18:40 - 2015-01-10 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-10 18:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-10 18:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-10 18:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-10 18:39 - 2015-01-10 18:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-02 12:47 - 2015-01-02 12:47 - 00000000 ____D () C:\Users\Margit\AppData\Local\A 2015-01-02 12:41 - 2015-01-02 12:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Aeria Games 2015-01-02 00:28 - 2015-01-02 00:28 - 00000000 ____D () C:\Users\Margit\AppData\Local\Aeria Games 2015-01-02 00:27 - 2015-01-02 00:27 - 00000000 ____D () C:\ProgramData\Aeria Games 2015-01-02 00:26 - 2015-01-02 00:26 - 00001665 _____ () C:\Users\Margit\Desktop\S4 League.lnk 2015-01-02 00:26 - 2015-01-02 00:26 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-01-02 00:19 - 2015-01-02 00:19 - 00002028 _____ () C:\Users\Public\Desktop\Aeria Ignite.lnk 2015-01-02 00:19 - 2015-01-02 00:19 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Aeria Games & Entertainment 2015-01-02 00:19 - 2015-01-02 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-01-02 00:19 - 2015-01-02 00:19 - 00000000 ____D () C:\Program Files (x86)\Aeria Games 2015-01-01 05:38 - 2015-01-01 21:01 - 00001241 _____ () 
C:\Users\Margit\Desktop\Guns And Robots.lnk 2015-01-01 05:38 - 2015-01-01 06:20 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guns And Robots 2015-01-01 05:38 - 2015-01-01 05:40 - 00000000 ____D () C:\Users\Margit\AppData\Local\Guns And Robots 2015-01-01 03:05 - 2015-01-01 03:05 - 00001199 _____ () C:\Users\Margit\Desktop\NosTale - Verknüpfung.lnk 2014-12-31 23:19 - 2014-12-31 23:19 - 00003010 _____ () C:\Windows\System32\Tasks\{48918102-C41A-4E86-8F45-E5BF5F191957} 2014-12-31 23:16 - 2014-12-31 23:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-31 23:16 - 2014-12-31 23:16 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-12-31 23:16 - 2014-12-31 23:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-12-31 23:10 - 2014-12-31 23:10 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\OpenOffice 2014-12-31 14:05 - 2014-12-31 14:05 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\MingGuan 2014-12-31 13:53 - 2014-12-31 14:00 - 00000944 _____ () C:\Program Files (x86)\Config.ini 2014-12-31 13:53 - 2014-12-31 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skiller Pro 2014-12-31 13:53 - 2014-12-31 13:53 - 00000000 ____D () C:\Program Files (x86)\skins 2014-12-31 13:53 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\lan.dll 2014-12-31 13:53 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Monitor.EXE 2014-12-31 13:53 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\hiddriver.dll 2014-12-31 13:52 - 2014-12-31 13:52 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\InstallShield 2014-12-31 13:44 - 2015-01-23 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Drakonia 2014-12-31 13:44 - 2015-01-20 20:27 - 00000000 ____D () C:\Program Files (x86)\Drakonia Configurator 2014-12-31 13:44 - 2014-12-31 13:44 - 01192533 _____ () C:\Windows\unins001.exe 
2014-12-31 13:44 - 2014-12-31 13:44 - 00017982 _____ () C:\Windows\unins001.dat 2014-12-31 13:44 - 2014-12-31 13:44 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\MingGuan 2014-12-30 11:35 - 2014-12-30 19:55 - 00000000 ____D () C:\AdwCleaner 2014-12-29 23:04 - 2014-12-29 23:05 - 06594837 _____ () C:\Users\Gast\Downloads\Z0rker.zip 2014-12-29 17:05 - 2014-12-29 17:05 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\LolClient 2014-12-29 00:38 - 2014-12-29 00:38 - 00001129 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk 2014-12-29 00:37 - 2014-12-29 00:43 - 00000000 ____D () C:\Users\Margit\AppData\Local\AviraSpeedup 2014-12-29 00:37 - 2014-12-29 00:37 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup 2014-12-29 00:37 - 2014-12-29 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup 2014-12-29 00:02 - 2014-12-29 00:02 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieBrowserModeList 2014-12-28 23:26 - 2015-01-25 01:04 - 00020765 _____ () C:\Users\Gast\Downloads\FRST.txt 2014-12-28 23:22 - 2015-01-25 01:03 - 00000000 ____D () C:\FRST 2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieBrowserModeList 2014-12-28 21:55 - 2015-01-25 01:03 - 02129920 _____ (Farbar) C:\Users\Gast\Downloads\FRST64.exe 2014-12-28 21:09 - 2014-12-28 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE) 2014-12-28 17:16 - 2015-01-19 20:24 - 00000000 ____D () C:\Users\Gast\AppData\Local\LogMeIn Hamachi 2014-12-28 17:16 - 2014-12-28 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-12-28 17:16 - 2014-12-28 17:16 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-12-28 17:05 - 2014-12-28 17:05 - 00000000 ____D () C:\Users\Margit\AppData\Local\Logitech 2014-12-27 02:50 - 2014-12-27 02:50 - 00000000 ____D () C:\Users\Margit\Documents\Raiderz 2014-12-27 02:19 - 2014-12-27 02:42 - 00000000 ___HD () 
C:\ArcTemp 2014-12-27 02:12 - 2014-12-27 02:17 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Arc 2014-12-27 02:12 - 2014-12-27 02:12 - 00000000 ____D () C:\Users\Public\Documents\Arc 2014-12-27 02:07 - 2014-12-28 23:13 - 00000000 ____D () C:\Program Files (x86)\Arc 2014-12-27 02:07 - 2014-12-27 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment 2014-12-27 01:30 - 2014-12-27 01:33 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\FiestaOnline ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-25 00:59 - 2014-04-23 16:06 - 00275968 ___SH () C:\Users\Margit\Desktop\Thumbs.db 2015-01-25 00:31 - 2014-10-22 21:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-25 00:18 - 2012-12-17 13:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-24 23:44 - 2012-12-17 10:33 - 01766137 _____ () C:\Windows\WindowsUpdate.log 2015-01-24 21:31 - 2014-10-22 21:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-24 15:46 - 2009-07-14 05:45 - 00042160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-24 15:46 - 2009-07-14 05:45 - 00042160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-24 15:42 - 2014-04-17 20:18 - 00000412 _____ () C:\Windows\Tasks\SlimDrivers Startup.job 2015-01-24 15:38 - 2014-10-24 13:04 - 00023992 _____ () C:\Windows\setupact.log 2015-01-24 15:38 - 2014-10-24 13:03 - 00057134 _____ () C:\Windows\PFRO.log 2015-01-24 15:38 - 2013-06-13 12:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-24 15:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-24 15:16 - 2014-07-12 17:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\.minecraft 2015-01-24 15:12 - 2014-07-16 18:28 
- 00000000 ____D () C:\Users\Gast\AppData\Roaming\Craften Terminal 2015-01-24 14:22 - 2014-04-25 16:33 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\.minecraft 2015-01-24 14:21 - 2013-09-13 19:13 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Craften Terminal 2015-01-24 00:32 - 2014-06-18 16:44 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype 2015-01-23 19:24 - 2014-10-22 21:22 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-23 16:45 - 2014-11-11 14:47 - 00000000 ____D () C:\Program Files\Logitech Gaming Software 2015-01-23 16:43 - 2014-11-11 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-01-23 15:18 - 2012-12-17 13:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-23 15:18 - 2012-12-17 13:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-23 15:18 - 2012-12-17 13:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-22 22:14 - 2014-04-17 19:56 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-20 20:27 - 2013-04-06 01:31 - 00000000 ____D () C:\Program Files (x86)\HyperCam 3 2015-01-20 20:09 - 2014-09-28 15:33 - 00000000 ____D () C:\Users\Gast\Desktop\Floral Flyff Client 2015-01-20 20:02 - 2013-05-14 18:01 - 00000000 ____D () C:\Program Files (x86)\avmwlanstick 2015-01-20 19:43 - 2014-02-02 16:22 - 00000000 ____D () C:\Users\Margit\AppData\Local\Temp3630fecaa073aa021a2f274d8493fd83 2015-01-20 19:43 - 2013-02-16 19:06 - 00000000 ____D () C:\Users\Margit\AppData\Local\mcpatcher 2015-01-20 19:42 - 2014-12-07 12:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\TeamSpeak 3 Client 2015-01-20 19:31 - 2014-08-21 15:26 - 00000000 ____D () C:\Program Files (x86)\TheHDvid-Codec V10 2015-01-20 19:31 - 2014-05-29 11:23 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-01-20 19:31 - 2014-05-28 20:57 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 
2015-01-20 19:28 - 2012-12-17 10:46 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-19 16:30 - 2014-07-25 22:41 - 00000000 ____D () C:\Users\Margit\AppData\Local\LogMeIn Hamachi 2015-01-19 16:20 - 2012-12-08 20:26 - 00000000 ____D () C:\Users\Gast\Desktop\Minecraft Bukkit Server 1.6.4 2015-01-17 20:43 - 2012-12-21 11:53 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-17 19:27 - 2012-12-21 11:53 - 00000000 ____D () C:\ProgramData\Skype 2015-01-17 18:58 - 2012-12-21 11:53 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Skype 2015-01-15 20:30 - 2013-05-14 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN 2015-01-14 22:08 - 2013-07-13 02:09 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 22:08 - 2012-12-17 12:29 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 15:52 - 2013-06-21 15:36 - 00000000 ____D () C:\Users\Margit\AppData\Local\Downloaded Installations 2015-01-13 22:07 - 2014-09-30 14:49 - 00000180 _____ () C:\Users\Gast\Desktop\Neues Textdokument (3).txt 2015-01-10 18:29 - 2012-12-21 17:09 - 00000000 ____D () C:\Users\Margit\AppData\Local\Adobe 2015-01-09 18:32 - 2014-11-06 17:50 - 00000000 ____D () C:\Users\Gast\Desktop\NosTale 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-02 00:19 - 2014-12-22 20:49 - 00000000 ____D () C:\AeriaGames 2015-01-02 00:19 - 2014-06-27 19:24 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2015-01-02 00:10 - 2014-05-03 21:34 - 00000000 ____D () C:\Users\Margit\AppData\Local\Akamai 2015-01-01 21:01 - 2013-07-09 12:29 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-01-01 05:40 - 2014-02-27 12:14 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Apple Computer 2015-01-01 02:51 - 2014-05-30 11:22 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-01 02:46 - 2014-11-06 17:39 - 00000000 ____D () 
C:\Program Files (x86)\GameforgeLive 2015-01-01 02:46 - 2012-12-21 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2014-12-31 23:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-31 23:37 - 2014-07-24 17:53 - 00000000 ____D () C:\Users\Public\Documents\EA Games 2014-12-31 23:37 - 2014-06-23 20:16 - 00000000 ____D () C:\Users\Gast\Documents\My Games 2014-12-31 23:16 - 2012-12-17 10:45 - 00000000 ____D () C:\ProgramData\Adobe 2014-12-31 14:01 - 2014-07-13 20:37 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\TS3Client 2014-12-31 13:53 - 2012-12-17 10:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-31 13:28 - 2014-05-30 11:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore 2014-12-30 12:05 - 2014-11-28 18:43 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player 2014-12-30 12:04 - 2014-12-20 19:01 - 00000000 ____D () C:\Windows\system32\log 2014-12-29 22:09 - 2013-04-22 14:55 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-12-29 15:45 - 2014-05-30 11:22 - 00109152 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-29 15:42 - 2009-07-14 05:45 - 00390200 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-29 00:37 - 2014-02-20 16:07 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-29 00:37 - 2012-12-17 10:46 - 00109152 _____ () C:\Users\Margit\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-29 00:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2014-12-28 23:54 - 2014-12-22 20:44 - 00000000 ____D () C:\Users\Gast\AppData\Local\Akamai 2014-12-28 23:20 - 2014-04-14 12:48 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Samsung 2014-12-28 23:20 - 2014-04-14 12:48 - 00000000 ____D () C:\Users\Margit\AppData\Local\Samsung 2014-12-28 23:20 - 2014-04-14 12:47 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-12-28 23:20 - 2014-02-06 16:59 - 00000000 ____D () 
C:\ProgramData\Samsung 2014-12-28 23:17 - 2014-09-20 19:14 - 00000000 ____D () C:\ProgramData\NexonUS 2014-12-28 23:16 - 2014-03-20 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-12-28 23:16 - 2014-03-20 21:56 - 00000000 ____D () C:\ProgramData\MAGIX 2014-12-28 23:15 - 2014-03-20 21:59 - 00000000 ____D () C:\Users\Public\Documents\MAGIX_Music_Maker_MX_Premium_Download_Version 2014-12-28 23:10 - 2013-04-03 16:02 - 00000000 ____D () C:\ProgramData\InstallMate 2014-12-28 23:09 - 2014-10-22 21:28 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Opera Software 2014-12-28 23:09 - 2014-10-22 21:28 - 00000000 ____D () C:\Users\Margit\AppData\Local\Opera Software 2014-12-28 23:09 - 2014-10-22 21:28 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-12-28 23:07 - 2014-03-14 16:07 - 00000000 ____D () C:\Program Files\HitmanPro 2014-12-28 23:07 - 2014-02-15 09:27 - 00000000 ____D () C:\ProgramData\Freemake 2014-12-28 23:07 - 2014-02-15 09:27 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-12-28 23:06 - 2014-05-26 09:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-28 23:05 - 2014-07-31 00:37 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4 2014-12-28 23:01 - 2013-09-09 09:48 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-12-28 23:01 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries ==================== Files in the root of some directories ======= 2014-12-31 13:53 - 2014-12-31 14:00 - 0000944 _____ () C:\Program Files (x86)\Config.ini 2014-12-31 13:53 - 2012-08-14 22:41 - 0061440 _____ () C:\Program Files (x86)\hiddriver.dll 2014-12-31 13:53 - 2013-09-12 14:15 - 0331510 _____ () C:\Program Files (x86)\Icon.ico 2014-12-31 13:53 - 2014-09-03 15:58 - 0057344 _____ () C:\Program Files (x86)\lan.dll 2014-12-31 13:53 - 2014-02-26 14:45 - 0475136 _____ () C:\Program Files (x86)\Monitor.EXE 2014-12-31 13:53 - 2006-08-22 15:05 - 0002238 _____ () C:\Program Files 
(x86)\Uninstall.ico
2013-08-18 12:44 - 2013-08-18 12:46 - 0047104 ___SH () C:\Users\Margit\AppData\Roaming\Thumbs.db
2014-02-20 21:57 - 2014-03-14 12:56 - 0000053 _____ () C:\Users\Margit\AppData\Roaming\WB.CFG
2012-12-20 17:46 - 2013-04-06 03:00 - 0007680 _____ () C:\Users\Margit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\Margit\Desktopasdasd.exe
C:\Users\Margit\S4_League.exe

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 01:09

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Margit at 2015-01-25 01:05:10
Running from C:\Users\Gast\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Akamai NetSession Interface (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Akamai) (Version: - Akamai Technologies, Inc) allday savings (HKLM\...\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A) (Version: 2.0.1 - allday savings) AMD Catalyst Install Manager (HKLM\...\{047D5657-1DAC-2B16-E110-F4A9C0E7EF2C}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - ) Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon) Craften Terminal 4.1 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.1.5494.36963 - Craften.de) CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.4310 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DC Universe Online (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment) DC Universe Online Live (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment) DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - ) Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - ) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Guns And Robots (HKLM-x32\...\Guns And Robots) (Version: 1.0 - Mastheadstudios Ltd.) 
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation) HyperCam 3 (HKLM-x32\...\HyperCam 3 3.5.1210.30) (Version: 3.5.1210.30 - Solveig Multimedia) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kaminfeuer Comprehensive Edition 1080 (HKLM-x32\...\ST5UNST #1) (Version: - ) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech) Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.) Logitech Z-series Software 1.04 (HKLM\...\{B38BCB00-1C17-48F5-BB94-584BB89D34D0}) (Version: 1.04.153 - Logitech) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) 
Hidden MAGIX Music Maker MX Premium Download Version (x32 Version: 18.0.0.42 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 
4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG) Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG) Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG) Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG) Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG) Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13200.33.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) Nostale(DE) (HKLM-x32\...\NosTale(DE)_is1) (Version: - Gameforge 4D GmbH) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team) OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek) S4 League (HKLM-x32\...\S4 League) (Version: - ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Skiller Pro Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.) Spotify (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) Spotify (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Spotify) (Version: 0.9.14.11.g7e298e37 - Spotify AB) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Update kb77600 (HKLM-x32\...\{79BB0733-58A2-486C-AA02-F9BAB929EFF8}) (Version: 1.0.0 - MSR) <==== ATTENTION Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Treiber-Studio 2013 (HKLM\...\{2D3471B9-8671-46F0-9947-4C0DB6234403}) (Version: 8.1.428 - Publish Data) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden Ubisoft Game Launcher 
(HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity Web Player (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH) YouTube (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Pokki_d25e316a7812ebb3c4f8e18291ce53ba535b8659) (Version: 1.0.9.53204 - Pokki) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 23-01-2015 16:39:02 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-05-27 14:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {00BFA346-0F61-4DB5-94CB-5A5D7D52CFB9} - System32\Tasks\{E853544F-29DE-4A80-9A15-633B15B19F21} => pcalua.exe -a C:\Users\Margit\AVM_Driver\FWLAN\pushinst.exe -d C:\Users\Margit\AVM_Driver\FWLAN Task: {03EA357E-52D0-413D-8D49-E1F45E0A4E95} - System32\Tasks\{06818C6F-1EE9-4624-BF19-CF01A8F021B5} => C:\Users\Margit\Downloads\chromeinstall-7u21 (1).exe Task: {0D6A0BA9-DF4E-4168-8AB5-2A3CA14209C1} - System32\Tasks\{2A83181E-E6A5-40A8-A1E7-0EDC4B1878FC} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {1F34B0D5-B054-42DE-A0C4-BC12095BA138} - System32\Tasks\{F42E840F-C5C0-4AE3-B967-3B87823AF4F0} => pcalua.exe -a E:\Setup\Setup.exe -d E:\ Task: {24723AB7-117D-437B-89F4-20634CDC8F09} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {27D18596-A4E7-49C1-8B22-1C09B93019FA} - System32\Tasks\{25E61622-D504-4687-8CA0-DB1AE11A2406} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {3125A5D9-5466-4492-AB39-C3CC3275B630} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe Task: {333C954D-759E-44B8-8A20-DDFDE24FDC83} - System32\Tasks\{F80032B6-FD8B-4C37-B4C9-F1D860EE2A6E} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {3CD639F6-8AD5-4455-B0E4-320967B3959E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated) Task: {408161EA-4870-4E07-8E72-72EFA6EC3E90} - System32\Tasks\{F960AAB2-4C92-4C84-A958-DA87CFCD15FA} => pcalua.exe -a C:\Users\Margit\AVM_Driver\FWLAN\setup.exe -d C:\Users\Margit\AVM_Driver\FWLAN Task: {414285DD-F86E-4FCB-91B8-50E84BE70E7A} - System32\Tasks\{9ACF3A99-E37B-43E0-A2AD-257222583004} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {4EBBCC70-8C9A-4670-90FA-8DFDFB0FD382} - System32\Tasks\{D1CBE8AD-32B1-4506-BCBC-71D28B9CD788} => pcalua.exe -a 
C:\Users\Margit\AppData\Local\Temp\{96C5A240-4257-448F-9F47-7D5C20A5C931}\setup.exe -d "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154" Task: {51367041-B77D-410F-AF6F-70B86CD7DEF0} - System32\Tasks\{12D0D921-EA07-4C9E-984C-D9DB7599421C} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {57E857AC-D073-4F22-878D-3036530C67BC} - System32\Tasks\{127E358C-5CE0-4EC3-8BCE-A39481B22E42} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {597DEE36-BDBA-4B26-9FF6-A92D39DFDC16} - System32\Tasks\{25BCCB07-CC7E-41B9-883B-3186D30FAB59} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {5D4C3598-0056-4C1B-B7CD-5E71AF7FF81F} - System32\Tasks\{AD5AFC9C-1A7A-4481-95C9-331FF3137DF4} => pcalua.exe -a E:\setup.exe -d E:\ Task: {5F99CCCE-3299-42DA-9619-746671EF331A} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG) Task: {626F3468-8501-4E35-BFE2-45C98209441A} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {6313AF1E-5AAB-424D-B3B2-BECBAC75A2DE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe Task: {6FFB1919-1FA9-4CDB-8523-686D2F9EA261} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {81B2819A-2FD4-4C10-A88D-FECDB52F6DA8} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe [2010-01-14] (ASUSTeK Computer Inc.) 
Task: {8520F69A-B90C-4530-A22B-105D5E08919E} - System32\Tasks\{48918102-C41A-4E86-8F45-E5BF5F191957} => C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\Nostale.exe Task: {8F1573B8-40CD-4F08-9747-4577890147F9} - System32\Tasks\{10699523-0978-4EEC-B551-6B7DFEBF3E5B} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {9952CC9E-442F-4C72-8559-FD64B07CFAD6} - System32\Tasks\{749B462B-1FCA-4DAD-9483-A1A03E48C574} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {A47A0592-6656-4E9D-82FC-DB24584F8713} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {B2D997F3-3C2B-4580-827C-8D10073AC37D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413827966-1155256820-1680526860-1000Core => C:\Users\Margit\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {B41DC9CA-413E-4BFC-ADAF-20114A8D82DB} - System32\Tasks\{891AAF44-5CAE-4B8A-931F-D71ADD64C53D} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {B746A350-8CCC-44B0-A11C-ADACF1731324} - System32\Tasks\{38081923-7D7F-4245-AE6B-B3FD6CADCB7B} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {B7BDC3B0-800B-48A1-A1EC-6E182B7AB7BF} - System32\Tasks\{135D557F-798B-4B30-9EF1-83F4CB2E14BF} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {BCEA647A-F118-4805-A05B-DA46186DF91B} - System32\Tasks\{19C2391B-B695-4206-ACEC-CFC188BFEAB6} => C:\Users\Margit\Desktop\HGWC Bypass\HGWC Bypass.exe Task: {C48504B3-C984-4B65-8844-8EFD37641110} - System32\Tasks\{F33716A5-2C9C-4596-B5E9-8FAC56D6A5FF} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5CD14679-0F5A-4924-8C08-554D89A6A680}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{5CD14679-0F5A-4924-8C08-554D89A6A680}" Task: {D424A41E-977B-4BC1-8465-571E3CAC97CE} - System32\Tasks\{CEED9F63-5F09-41F1-9A60-A21377CA528B} => C:\Users\Margit\Downloads\chromeinstall-7u21 
(1).exe Task: {D4A1E8FE-F77F-42B3-B38D-32D785A6D231} - System32\Tasks\{CA88250D-EDE0-415D-A7D9-80E1432B7A09} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {D6FDA0FC-3C68-4B92-ACFE-0CEE5DFE361D} - System32\Tasks\{27FC4681-DE2C-4C93-A5B5-F85ADDA5CD22} => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-12-13] (LogMeIn Inc.) Task: {DF5648D2-25DC-4486-8F81-58F34C2D1376} - System32\Tasks\{C5C32378-3A80-41C0-A496-CB252C3EF91D} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {F5DC1BEA-DC5E-4B37-91FC-D34DAEF58010} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {F80EF664-B8BB-4371-AAA1-B250253DE11D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {F8237811-A5CF-4425-B59D-3FAC773AB9D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413827966-1155256820-1680526860-1000UA => C:\Users\Margit\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-29 22:25 - 2013-04-29 22:25 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-03-05 15:03 - 2012-03-05 15:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-02-16 13:53 - 2012-02-16 13:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program 
Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2013-04-15 20:29 - 2014-05-29 14:39 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-04-15 20:29 - 2014-05-29 14:39 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2014-12-31 13:44 - 2013-10-29 13:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2014-12-31 13:53 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Monitor.EXE 2014-12-31 13:44 - 2012-12-11 11:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2014-12-31 13:44 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2014-12-31 13:53 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\lan.dll 2014-12-31 13:53 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\hiddriver.dll 2014-12-31 13:44 - 2013-11-05 16:31 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll 2015-01-23 19:24 - 2015-01-21 04:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll 2015-01-23 19:24 - 2015-01-21 04:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll 2015-01-23 19:24 - 2015-01-21 04:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll 2015-01-23 19:24 - 2015-01-21 04:50 - 14913352 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: BackupStack => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BstHdAndroidSvc => 2 MSCONFIG\Services: BstHdLogRotatorSvc => 2 MSCONFIG\Services: BstHdUpdaterSvc => 2 MSCONFIG\Services: ClaraUpdater => 2 MSCONFIG\Services: CltMngSvc => 2 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: HiPatchService => 2 MSCONFIG\Services: HitmanProScheduler => 2 MSCONFIG\Services: LMIGuardianSvc => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: RichVideo => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Arc\ArcLauncher.exe /autorun MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe" MSCONFIG\startupreg: FixMyRegistry => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss MSCONFIG\startupreg: FLV Player => C:\Users\Margit\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe MSCONFIG\startupreg: GameforgeLive => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart 
MSCONFIG\startupreg: GoogleChromeAutoLaunch_7D78684C04D130A2BFD725AA212F80C4 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent MSCONFIG\startupreg: Pokki => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: SDP => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SpeedUpMyComputer => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss MSCONFIG\startupreg: Spotify => "C:\Users\Margit\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Margit\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3413827966-1155256820-1680526860-500 - Administrator - Disabled) Gast (S-1-5-21-3413827966-1155256820-1680526860-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-3413827966-1155256820-1680526860-1004 - Limited - Enabled) Margit (S-1-5-21-3413827966-1155256820-1680526860-1000 - Administrator - Enabled) => C:\Users\Margit ==================== Faulty Device Manager Devices ============= Name: hamachi Description: hamachi Class Guid: Manufacturer: Service: Problem: : The drivers for this 
device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/24/2015 03:39:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 03:36:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x70c Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (01/24/2015 02:10:35 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JUSTIN-PC) Description: Die Anwendung oder der Dienst "Craften Terminal" konnte nicht heruntergefahren werden. Error: (01/24/2015 02:09:49 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JUSTIN-PC) Description: Die Anwendung oder der Dienst "Craften Terminal" konnte nicht heruntergefahren werden. Error: (01/24/2015 01:11:05 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/23/2015 04:38:52 PM) (Source: MsiInstaller) (EventID: 11101) (User: JUSTIN-PC) Description: Product: Logitech Gaming Software -- Error 1101. Error reading from file: C:\Users\Margit\AppData\Local\Temp\Uninstall_x64.vbs. System error 2. Verify that the file exists and that you can access it. Error: (01/23/2015 01:59:32 PM) (Source: MsiInstaller) (EventID: 11001) (User: JUSTIN-PC) Description: Product: System Update kb77600 -- Error 1001. Error 1001. Beim Initialisieren der Installation ist eine Ausnahme aufgetreten: System.IO.FileNotFoundException: Die Datei oder Assembly "file:///C:\Program Files (x86)\MSR\System Update kb77600\InstallFirefoxExtension.dll" oder eine Abhängigkeit davon wurde nicht gefunden. 
Das System kann die angegebene Datei nicht finden.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/23/2015 01:48:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2015 10:14:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x714 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (01/22/2015 02:08:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/24/2015 03:36:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (01/24/2015 01:55:28 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/23/2015 04:44:30 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/23/2015 04:17:00 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/23/2015 02:05:33 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/23/2015 01:55:13 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/22/2015 10:15:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (01/22/2015 09:31:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/22/2015 09:31:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (01/22/2015 09:31:44 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (01/24/2015 03:39:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 03:36:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c170c01d0370aa99f4538C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll6c7ddac2-a3d6-11e4-bf3f-50465d9054db Error: (01/24/2015 02:10:35 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JUSTIN-PC) Description: 1C:\Program Files (x86)\Craften Terminal\Craften Terminal.exeCraften 
Terminal0211741448 Error: (01/24/2015 02:09:49 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JUSTIN-PC) Description: 1C:\Program Files (x86)\Craften Terminal\Craften Terminal.exeCraften Error: (01/24/2015 01:11:05 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (01/23/2015 04:38:52 PM) (Source: MsiInstaller) (EventID: 11101) (User: JUSTIN-PC) Description: Product: Logitech Gaming Software -- Error 1101. Error reading from file: C:\Users\Margit\AppData\Local\Temp\Uninstall_x64.vbs. System error 2. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/23/2015 01:59:32 PM) (Source: MsiInstaller) (EventID: 11001) (User: JUSTIN-PC) Description: Product: System Update kb77600 -- Error 1001. Error 1001. Beim Initialisieren der Installation ist eine Ausnahme aufgetreten: System.IO.FileNotFoundException: Die Datei oder Assembly "file:///C:\Program Files (x86)\MSR\System Update kb77600\InstallFirefoxExtension.dll" oder eine Abhängigkeit davon wurde nicht gefunden. 
Das System kann die angegebene Datei nicht finden.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/23/2015 01:48:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2015 10:14:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c171401d036445d7e638cC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllb859c1d5-a27b-11e4-8a66-50465d9054db Error: (01/22/2015 02:08:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-05-27 15:13:08.635 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-27 15:13:08.557 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: AMD FX(tm)-6100 Six-Core Processor Percentage of memory in use: 39% Total physical RAM: 7918.12 MB Available physical RAM: 4755.91 MB Total Pagefile: 15834.42 MB Available Pagefile: 12660.13 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:74.34 GB) NTFS Drive d: () (Fixed) (Total:270.45 GB) (Free:99.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A844CCAC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
26.01.2015, 23:38 | #23 | |
Rest in peace † 2019 | PC is too slow and I have no idea what to do Hello, Quote:
What is your computer doing now? In general, be careful with tuning software and registry cleaners. You should throw away all of your backups and make new ones, and clean out msconfig. Please also uninstall once more, under Control Panel > Uninstall a program: youtube
Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3413827966-1155256820-1680526860-1000] => 127.0.0.1:50416 C:\Program Files (x86)\Chromer C:\Program Files (x86)\HDPlayer\ C:\Program Files (x86)\qualitink\ C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\019\t\00\00000000 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\020\t\00\00000000 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\021\t\00\00000000 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\023\t\00\00000000 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\024\t\00\00000001 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\026\t\00\00000000 C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\extensions\firefox@qualitink.net\chrome\content\overlay.js C:\Users\Margit\Documents\LostSagaEU_Full.exe C:\Temp\t.msi C:\Users\Margit\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx C:\Program Files (x86)\TheHDvid-Codec V10\ C:\Temp\InstallFilter64.msi C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll C:\Windows\Installer\1864e99.msi C:\Windows\Installer\224c41b.msi C:\Windows\Installer\23806b.msi C:\Windows\Installer\MSIE46B.tmp-\FiddlerCore.dll C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Installer.CustomActions.dll C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Monetization.Proxy.ProxyService.dll C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Resources.LanguageSettings.resources.dll C:\Windows\Installer\MSIE46B.tmp-\spbe.dll C:\Windows\Installer\MSIE46B.tmp-\spbl.dll C:\Windows\Installer\MSIE46B.tmp-\sppsm.dll C:\Windows\Installer\MSIE46B.tmp-\spusm.dll C:\Windows\Installer\MSIE46B.tmp-\srbs.dll 
C:\Windows\Installer\MSIE46B.tmp-\srbu.dll C:\Windows\Installer\MSIE46B.tmp-\srptc.dll C:\Windows\Installer\MSIE46B.tmp-\srpu.dll
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Start FRST once more.
|
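When FRST processes a Fixlist.txt like the one above, it writes a Fixlog.txt that repeats the fixlist between two rows of asterisks and then reports one `=>` result per entry, as the Fixlog in the next post shows. The following is an added example, not part of the posts and not part of FRST: it checks that every path in the fixlist got a result line and tallies the outcomes. The function names are hypothetical, and the sample log is constructed from a few of the thread's entries with one result line left out on purpose.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Fixlog quoted in this thread (one entry per line).
# The result line for C:\Temp\InstallFilter64.msi is deliberately missing.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Margit at 2015-01-27 15:26:53 Run:2
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3413827966-1155256820-1680526860-1000] => 127.0.0.1:50416
C:\Program Files (x86)\HDPlayer\
C:\Temp\t.msi
C:\Temp\InstallFilter64.msi
C:\Windows\Installer\MSIE46B.tmp-\FiddlerCore.dll
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"C:\Program Files (x86)\HDPlayer" => File/Directory not found.
C:\Temp\t.msi => Moved successfully.
C:\Windows\Installer\MSIE46B.tmp-\FiddlerCore.dll => Moved successfully.

==== End of Fixlog 15:26:54 ====
"""

# Only the result strings that appear in the thread's Fixlog are mapped;
# anything else is reported as "other" rather than guessed at.
STATUS = {
    "Key deleted successfully.": "deleted",
    "value deleted successfully.": "deleted",
    "Moved successfully.": "moved",
    "File/Directory not found.": "not_found",
}
MARKER = re.compile(r"^\*{5,}$")      # row of asterisks around the echoed fixlist
PATH = re.compile(r"^[A-Za-z]:\\")    # file or directory entry (drive-letter path)


def normalize(item):
    """Drop surrounding quotes and a trailing backslash; compare case-insensitively."""
    return item.strip().strip('"').rstrip("\\").lower()


def parse_fixlog(text):
    """Return (requested fixlist entries, {normalized target: status})."""
    requested, results = [], {}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MARKER.match(line):
            section = "fixlist" if section == "header" else "results"
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if section == "fixlist":
            requested.append(line)
        elif section == "results" and " => " in line:
            target, _, outcome = line.rpartition(" => ")
            results[normalize(target)] = STATUS.get(outcome.strip(), "other")
    return requested, results


def audit(text):
    """Tally outcomes and list path entries that were not found or never reported."""
    requested, results = parse_fixlog(text)
    report = {"counts": Counter(results.values()), "unreported": [], "not_found": []}
    for entry in requested:
        if not PATH.match(entry):
            continue  # registry directives are reported under the key name, not the directive
        status = results.get(normalize(entry))
        if status is None:
            report["unreported"].append(entry)
        elif status == "not_found":
            report["not_found"].append(entry)
    return report


if __name__ == "__main__":
    summary = audit(SAMPLE_FIXLOG)
    print(dict(summary["counts"]))
    print("not found: ", summary["not_found"])
    print("unreported:", summary["unreported"])
```

An entry reported as not found was already gone or was listed under a different path, so it is worth a second look before the cleanup is considered complete.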
27.01.2015, 15:41 | #24 |
| PC is too slow and I have no idea what to do Yes, I understand that you also have a life outside the board, so I see no problem with the delay. Let's simply carry on as usual with cleaning my PC. Also, I don't have any program here that is called YouTube. That went surprisingly fast o.O Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01 Ran by Margit at 2015-01-27 15:26:53 Run:2 Running from C:\Users\Gast\Downloads Loaded Profiles: Margit & Gast (Available profiles: Margit & Gast) Boot Mode: Normal ============================================== Content of fixlist: ***************** CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3413827966-1155256820-1680526860-1000] => 127.0.0.1:50416 C:\Program Files (x86)\Chromer C:\Program Files (x86)\HDPlayer\ C:\Program Files (x86)\qualitink\ C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\019\t\00\00000000 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\020\t\00\00000000 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\021\t\00\00000000 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\023\t\00\00000000 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\024\t\00\00000001 C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\026\t\00\00000000 C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\extensions\firefox@qualitink.net\chrome\content\overlay.js C:\Users\Margit\Documents\LostSagaEU_Full.exe C:\Temp\t.msi C:\Users\Margit\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx C:\Program Files (x86)\TheHDvid-Codec V10\ C:\Temp\InstallFilter64.msi C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll C:\Windows\Installer\1864e99.msi C:\Windows\Installer\224c41b.msi C:\Windows\Installer\23806b.msi C:\Windows\Installer\MSIE46B.tmp-\FiddlerCore.dll C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Installer.CustomActions.dll C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Monetization.Proxy.ProxyService.dll 
C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Resources.LanguageSettings.resources.dll C:\Windows\Installer\MSIE46B.tmp-\spbe.dll C:\Windows\Installer\MSIE46B.tmp-\spbl.dll C:\Windows\Installer\MSIE46B.tmp-\sppsm.dll C:\Windows\Installer\MSIE46B.tmp-\spusm.dll C:\Windows\Installer\MSIE46B.tmp-\srbs.dll C:\Windows\Installer\MSIE46B.tmp-\srbu.dll C:\Windows\Installer\MSIE46B.tmp-\srptc.dll C:\Windows\Installer\MSIE46B.tmp-\srpu.dll ***************** "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. "C:\Program Files (x86)\Chromer" => File/Directory not found. "C:\Program Files (x86)\HDPlayer" => File/Directory not found. "C:\Program Files (x86)\qualitink" => File/Directory not found. "C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\019\t\00\00000000" => File/Directory not found. "C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\020\t\00\00000000" => File/Directory not found. "C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\021\t\00\00000000" => File/Directory not found. "C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\023\t\00\00000000" => File/Directory not found. "C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\024\t\00\00000001" => File/Directory not found. "C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\File System\026\t\00\00000000" => File/Directory not found. "C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\extensions\firefox@qualitink.net\chrome\content\overlay.js" => File/Directory not found. 
"C:\Users\Margit\Documents\LostSagaEU_Full.exe" => File/Directory not found. C:\Temp\t.msi => Moved successfully. C:\Users\Margit\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx => Moved successfully. C:\Program Files (x86)\TheHDvid-Codec V10 => Moved successfully. C:\Temp\InstallFilter64.msi => Moved successfully. C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll => Moved successfully. C:\Windows\Installer\1864e99.msi => Moved successfully. C:\Windows\Installer\224c41b.msi => Moved successfully. C:\Windows\Installer\23806b.msi => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\FiddlerCore.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Installer.CustomActions.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Monetization.Proxy.ProxyService.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\spbe.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\spbl.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\sppsm.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\spusm.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\srbs.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\srbu.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\srptc.dll => Moved successfully. C:\Windows\Installer\MSIE46B.tmp-\srpu.dll => Moved successfully. ==== End of Fixlog 15:26:54 ==== Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01 Ran by Margit at 2015-01-27 15:29:18 Running from C:\Users\Gast\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) 
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Akamai NetSession Interface (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Akamai) (Version: - Akamai Technologies, Inc) allday savings (HKLM\...\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A) (Version: 2.0.1 - allday savings) AMD Catalyst Install Manager (HKLM\...\{047D5657-1DAC-2B16-E110-F4A9C0E7EF2C}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - ) Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon) Craften Terminal 4.1 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.1.5494.36963 - Craften.de) CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.4310 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DC Universe Online (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment) DC Universe Online Live (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment) DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - ) Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - ) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Guns And Robots (HKLM-x32\...\Guns And Robots) (Version: 1.0 - Mastheadstudios Ltd.) 
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation) HyperCam 3 (HKLM-x32\...\HyperCam 3 3.5.1210.30) (Version: 3.5.1210.30 - Solveig Multimedia) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kaminfeuer Comprehensive Edition 1080 (HKLM-x32\...\ST5UNST #1) (Version: - ) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech) Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.) Logitech Z-series Software 1.04 (HKLM\...\{B38BCB00-1C17-48F5-BB94-584BB89D34D0}) (Version: 1.04.153 - Logitech) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) 
Hidden MAGIX Music Maker MX Premium Download Version (x32 Version: 18.0.0.42 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 
4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG) Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG) Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG) Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG) Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG) Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13200.33.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) Nostale(DE) (HKLM-x32\...\NosTale(DE)_is1) (Version: - Gameforge 4D GmbH) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team) OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek) S4 League (HKLM-x32\...\S4 League) (Version: - ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Skiller Pro Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.) Spotify (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) Spotify (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Spotify) (Version: 0.9.14.11.g7e298e37 - Spotify AB) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Update kb77600 (HKLM-x32\...\{79BB0733-58A2-486C-AA02-F9BAB929EFF8}) (Version: 1.0.0 - MSR) <==== ATTENTION Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Treiber-Studio 2013 (HKLM\...\{2D3471B9-8671-46F0-9947-4C0DB6234403}) (Version: 8.1.428 - Publish Data) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden Ubisoft Game Launcher 
(HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity Web Player (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH) YouTube (HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Pokki_d25e316a7812ebb3c4f8e18291ce53ba535b8659) (Version: 1.0.9.53204 - Pokki) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Margit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 23-01-2015 16:39:02 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 25-01-2015 19:00:20 Windows-Sicherung 27-01-2015 14:55:13 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-05-27 14:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {00BFA346-0F61-4DB5-94CB-5A5D7D52CFB9} - System32\Tasks\{E853544F-29DE-4A80-9A15-633B15B19F21} => pcalua.exe -a C:\Users\Margit\AVM_Driver\FWLAN\pushinst.exe -d C:\Users\Margit\AVM_Driver\FWLAN Task: {03EA357E-52D0-413D-8D49-E1F45E0A4E95} - System32\Tasks\{06818C6F-1EE9-4624-BF19-CF01A8F021B5} => C:\Users\Margit\Downloads\chromeinstall-7u21 (1).exe Task: {0D6A0BA9-DF4E-4168-8AB5-2A3CA14209C1} - System32\Tasks\{2A83181E-E6A5-40A8-A1E7-0EDC4B1878FC} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {1F34B0D5-B054-42DE-A0C4-BC12095BA138} - System32\Tasks\{F42E840F-C5C0-4AE3-B967-3B87823AF4F0} => pcalua.exe -a E:\Setup\Setup.exe -d E:\ Task: {24723AB7-117D-437B-89F4-20634CDC8F09} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {27D18596-A4E7-49C1-8B22-1C09B93019FA} - System32\Tasks\{25E61622-D504-4687-8CA0-DB1AE11A2406} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {3125A5D9-5466-4492-AB39-C3CC3275B630} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe Task: {333C954D-759E-44B8-8A20-DDFDE24FDC83} - System32\Tasks\{F80032B6-FD8B-4C37-B4C9-F1D860EE2A6E} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {3CD639F6-8AD5-4455-B0E4-320967B3959E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated) Task: {408161EA-4870-4E07-8E72-72EFA6EC3E90} - System32\Tasks\{F960AAB2-4C92-4C84-A958-DA87CFCD15FA} => pcalua.exe -a C:\Users\Margit\AVM_Driver\FWLAN\setup.exe -d C:\Users\Margit\AVM_Driver\FWLAN Task: {414285DD-F86E-4FCB-91B8-50E84BE70E7A} - System32\Tasks\{9ACF3A99-E37B-43E0-A2AD-257222583004} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {4EBBCC70-8C9A-4670-90FA-8DFDFB0FD382} - System32\Tasks\{D1CBE8AD-32B1-4506-BCBC-71D28B9CD788} => pcalua.exe -a 
C:\Users\Margit\AppData\Local\Temp\{96C5A240-4257-448F-9F47-7D5C20A5C931}\setup.exe -d "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154" Task: {51367041-B77D-410F-AF6F-70B86CD7DEF0} - System32\Tasks\{12D0D921-EA07-4C9E-984C-D9DB7599421C} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {57E857AC-D073-4F22-878D-3036530C67BC} - System32\Tasks\{127E358C-5CE0-4EC3-8BCE-A39481B22E42} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {597DEE36-BDBA-4B26-9FF6-A92D39DFDC16} - System32\Tasks\{25BCCB07-CC7E-41B9-883B-3186D30FAB59} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {5D4C3598-0056-4C1B-B7CD-5E71AF7FF81F} - System32\Tasks\{AD5AFC9C-1A7A-4481-95C9-331FF3137DF4} => pcalua.exe -a E:\setup.exe -d E:\ Task: {5F99CCCE-3299-42DA-9619-746671EF331A} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG) Task: {626F3468-8501-4E35-BFE2-45C98209441A} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {6313AF1E-5AAB-424D-B3B2-BECBAC75A2DE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe Task: {6FFB1919-1FA9-4CDB-8523-686D2F9EA261} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {81B2819A-2FD4-4C10-A88D-FECDB52F6DA8} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe [2010-01-14] (ASUSTeK Computer Inc.) 
Task: {8520F69A-B90C-4530-A22B-105D5E08919E} - System32\Tasks\{48918102-C41A-4E86-8F45-E5BF5F191957} => C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\Nostale.exe Task: {8F1573B8-40CD-4F08-9747-4577890147F9} - System32\Tasks\{10699523-0978-4EEC-B551-6B7DFEBF3E5B} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {9952CC9E-442F-4C72-8559-FD64B07CFAD6} - System32\Tasks\{749B462B-1FCA-4DAD-9483-A1A03E48C574} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {A47A0592-6656-4E9D-82FC-DB24584F8713} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {B2D997F3-3C2B-4580-827C-8D10073AC37D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413827966-1155256820-1680526860-1000Core => C:\Users\Margit\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {B41DC9CA-413E-4BFC-ADAF-20114A8D82DB} - System32\Tasks\{891AAF44-5CAE-4B8A-931F-D71ADD64C53D} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {B746A350-8CCC-44B0-A11C-ADACF1731324} - System32\Tasks\{38081923-7D7F-4245-AE6B-B3FD6CADCB7B} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {B7BDC3B0-800B-48A1-A1EC-6E182B7AB7BF} - System32\Tasks\{135D557F-798B-4B30-9EF1-83F4CB2E14BF} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {BCEA647A-F118-4805-A05B-DA46186DF91B} - System32\Tasks\{19C2391B-B695-4206-ACEC-CFC188BFEAB6} => C:\Users\Margit\Desktop\HGWC Bypass\HGWC Bypass.exe Task: {C48504B3-C984-4B65-8844-8EFD37641110} - System32\Tasks\{F33716A5-2C9C-4596-B5E9-8FAC56D6A5FF} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5CD14679-0F5A-4924-8C08-554D89A6A680}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{5CD14679-0F5A-4924-8C08-554D89A6A680}" Task: {D424A41E-977B-4BC1-8465-571E3CAC97CE} - System32\Tasks\{CEED9F63-5F09-41F1-9A60-A21377CA528B} => C:\Users\Margit\Downloads\chromeinstall-7u21 
(1).exe Task: {D4A1E8FE-F77F-42B3-B38D-32D785A6D231} - System32\Tasks\{CA88250D-EDE0-415D-A7D9-80E1432B7A09} => C:\Program Files (x86)\Steam\Steam.exe [2015-01-19] (Valve Corporation) Task: {D6FDA0FC-3C68-4B92-ACFE-0CEE5DFE361D} - System32\Tasks\{27FC4681-DE2C-4C93-A5B5-F85ADDA5CD22} => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-12-13] (LogMeIn Inc.) Task: {DF5648D2-25DC-4486-8F81-58F34C2D1376} - System32\Tasks\{C5C32378-3A80-41C0-A496-CB252C3EF91D} => C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe Task: {F5DC1BEA-DC5E-4B37-91FC-D34DAEF58010} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {F80EF664-B8BB-4371-AAA1-B250253DE11D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {F8237811-A5CF-4425-B59D-3FAC773AB9D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413827966-1155256820-1680526860-1000UA => C:\Users\Margit\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-29 22:25 - 2013-04-29 22:25 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-03-05 15:03 - 2012-03-05 15:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-02-16 13:53 - 2012-02-16 13:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program 
Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2013-04-15 20:29 - 2014-05-29 14:39 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-04-15 20:29 - 2014-05-29 14:39 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2014-12-31 13:44 - 2013-10-29 13:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2014-12-31 13:53 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Monitor.EXE 2014-12-31 13:44 - 2012-12-11 11:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2015-01-24 15:43 - 2014-11-20 14:13 - 00052528 _____ () C:\Users\Gast\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-12-31 13:44 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2014-12-31 13:53 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\lan.dll 2014-12-31 13:53 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\hiddriver.dll 2014-12-31 13:44 - 2013-11-05 16:31 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll 2015-01-23 19:24 - 2015-01-21 04:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll 2015-01-23 19:24 - 2015-01-21 04:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll 2015-01-23 19:24 - 2015-01-21 04:50 - 09171272 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: BackupStack => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BstHdAndroidSvc => 2 MSCONFIG\Services: BstHdLogRotatorSvc => 2 MSCONFIG\Services: BstHdUpdaterSvc => 2 MSCONFIG\Services: ClaraUpdater => 2 MSCONFIG\Services: CltMngSvc => 2 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: HiPatchService => 2 MSCONFIG\Services: HitmanProScheduler => 2 MSCONFIG\Services: LMIGuardianSvc => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: RichVideo => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Arc\ArcLauncher.exe /autorun MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe" MSCONFIG\startupreg: FixMyRegistry => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss MSCONFIG\startupreg: FLV Player => C:\Users\Margit\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe MSCONFIG\startupreg: GameforgeLive => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart MSCONFIG\startupreg: 
GoogleChromeAutoLaunch_7D78684C04D130A2BFD725AA212F80C4 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent MSCONFIG\startupreg: Pokki => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: SDP => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SpeedUpMyComputer => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss MSCONFIG\startupreg: Spotify => "C:\Users\Margit\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Margit\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3413827966-1155256820-1680526860-500 - Administrator - Disabled) Gast (S-1-5-21-3413827966-1155256820-1680526860-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-3413827966-1155256820-1680526860-1004 - Limited - Enabled) Margit (S-1-5-21-3413827966-1155256820-1680526860-1000 - Administrator - Enabled) => C:\Users\Margit ==================== Faulty Device Manager Devices ============= Name: hamachi Description: hamachi Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not 
installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/27/2015 03:09:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (01/27/2015 02:51:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/26/2015 10:28:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x6d4 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (01/26/2015 00:47:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (01/26/2015 00:29:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2015 10:25:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x70c Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (01/25/2015 11:10:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2015 01:35:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x6f0 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (01/24/2015 03:39:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 03:36:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 
Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x517f39a1 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x70c Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 System errors: ============= Error: (01/27/2015 03:17:10 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/27/2015 03:17:09 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/27/2015 02:52:07 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/26/2015 10:28:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (01/26/2015 00:58:16 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/25/2015 10:25:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/25/2015 01:49:25 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/25/2015 01:05:19 PM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/25/2015 11:10:46 AM) (Source: DCOM) (EventID: 10016) (User: JUSTIN-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}JUSTIN-PCGastS-1-5-21-3413827966-1155256820-1680526860-501LocalHost (unter Verwendung von LRPC) Error: (01/25/2015 01:35:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (01/27/2015 03:09:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (01/27/2015 02:51:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/26/2015 10:28:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c16d401d0395b3081bd17C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll3d8e9151-a5a2-11e4-b681-50465d9054db Error: (01/26/2015 00:47:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (01/26/2015 00:29:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2015 10:25:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c170c01d03886ea221874C:\Program Files\ATI 
Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dlla89bfc30-a4d8-11e4-ac72-50465d9054db Error: (01/25/2015 11:10:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2015 01:35:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c16f001d037e36f47ebcdC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll1a77a88b-a42a-11e4-9dbc-50465d9054db Error: (01/24/2015 03:39:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 03:36:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c170c01d0370aa99f4538C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll6c7ddac2-a3d6-11e4-bf3f-50465d9054db CodeIntegrity Errors: =================================== Date: 2014-05-27 15:13:08.635 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-05-27 15:13:08.557 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: AMD FX(tm)-6100 Six-Core Processor Percentage of memory in use: 23% Total physical RAM: 7918.12 MB Available physical RAM: 6074.22 MB Total Pagefile: 15834.42 MB Available Pagefile: 13535.68 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:73.8 GB) NTFS Drive d: () (Fixed) (Total:270.45 GB) (Free:99.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A844CCAC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Margit (administrator) on JUSTIN-PC on 27-01-2015 15:28:22 Running from C:\Users\Gast\Downloads Loaded Profiles: Margit & Gast (Available profiles: Margit & Gast) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Akamai Technologies, Inc.) C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Akamai Technologies, Inc.) C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe () C:\Program Files (x86)\Monitor.EXE () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Monitor.exe [475136 2014-02-26] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Margit\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-3413827966-1155256820-1680526860-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Run: [GoogleChromeAutoLaunch_BB36B386FC91F3D4CC09C0FCB27081F3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-21] (Google Inc.) HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Run: [Akamai NetSession Interface] => C:\Users\Gast\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Run: [Speed AutoClicker] => "C:\Users\Gast\Desktop\SpeedAutoClicker.exe" -startup HKU\S-1-5-21-3413827966-1155256820-1680526860-501\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bcbinit.vbs () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-3413827966-1155256820-1680526860-1000] => 127.0.0.1:50416 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> DefaultScope {48E74EE1-4439-450F-9E2E-7DA8549037E7} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {48E74EE1-4439-450F-9E2E-7DA8549037E7} URL = 
https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {805669DD-CC80-4E13-AF01-E6BBB8F7C34F} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-1000 -> {B45C6E68-E31C-45D8-AD1E-4DE9B593D291} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-501 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-3413827966-1155256820-1680526860-501 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default FF NetworkProxy: "type", FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Margit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Plugin HKU\S-1-5-21-3413827966-1155256820-1680526860-501: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: Amazon-Icon - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\amazon-icon@giga.de [2014-02-02] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org [2013-10-20] FF Extension: qualitink - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox@qualitink.net [2013-11-15] FF Extension: Firefox Update Hotfix - C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\qmvnd1sk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2013-10-20] FF Extension: No Name - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home238\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release393\ff [Not Found] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "https://www.google.de/" CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15] CHR Extension: (YouTube) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27] CHR Extension: (Google-Suche) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27] CHR Extension: (AdBlock Premium) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-05-24] CHR Extension: (Google Wallet) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Mail) - C:\Users\Margit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) 
[File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] () S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2014-12-18] (Perfect World Entertainment Inc) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-29] (ASUSTeK Computer Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2015-01-20] (AVM Berlin) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5268336 2014-03-25] (INCA Internet Co., Ltd.) 
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-29] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-05-29] () S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-06] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-07] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. 
KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows (R) Win 7 DDK provider) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-15] () S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-18] () R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-15] () S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) S3 ALSysIO; \??\C:\Users\Margit\AppData\Local\Temp\ALSysIO64.sys [X] S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 drvr; \??\C:\Windows\system32\drivers\drvr.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-27 15:28 - 2015-01-27 15:28 - 00020627 _____ () C:\Users\Gast\Downloads\FRST.txt 2015-01-24 23:48 - 2015-01-24 23:49 - 35255109 _____ () C:\Users\Gast\Downloads\Z0rker (2).zip 2015-01-24 14:17 - 2015-01-24 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal 2015-01-24 14:17 - 2015-01-24 14:17 - 00000000 ____D () C:\Program Files (x86)\Craften Terminal 2015-01-23 18:48 - 2015-01-23 18:50 - 54996602 _____ () C:\Users\Gast\Downloads\Z0rker (1).zip 2015-01-23 16:44 - 2015-01-23 16:44 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-23 16:44 - 2015-01-23 16:44 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-23 16:36 - 2015-01-23 16:37 - 67350808 _____ (Logitech Inc.) C:\Users\Gast\Downloads\LGS_8.57.145_x64_Logitech.exe 2015-01-23 16:29 - 2015-01-23 16:29 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Logitech 2015-01-21 19:32 - 2015-01-21 19:33 - 07374858 _____ () C:\Users\Gast\Downloads\Metro.zip 2015-01-20 19:51 - 2015-01-20 19:51 - 00014704 _____ () C:\Users\Margit\Downloads\mbam-log-2015-01-20 (19-21-18).xml 2015-01-20 19:51 - 2015-01-20 19:51 - 00005212 _____ () C:\Users\Gast\Desktop\mbam.txt 2015-01-17 19:27 - 2015-01-17 19:27 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-01-17 19:27 - 2015-01-17 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-17 19:26 - 2015-01-17 19:26 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Gast\Downloads\SkypeSetup.exe 2015-01-17 19:11 - 2015-01-17 19:11 - 05006832 _____ (Adobe Systems Inc.) 
C:\Users\Margit\Downloads\Shockwave_Installer_Slim.exe 2015-01-14 15:54 - 2015-01-14 15:54 - 00002067 _____ () C:\Users\Public\Desktop\AMD OverDrive.lnk 2015-01-14 15:54 - 2015-01-14 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD 2015-01-14 15:54 - 2015-01-14 15:54 - 00000000 ____D () C:\Program Files (x86)\AMD 2015-01-14 12:44 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 12:44 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:44 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 12:44 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 12:44 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 12:44 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 12:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 12:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 12:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 12:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 12:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 12:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 12:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-11 01:39 - 2015-01-11 01:39 - 00001813 _____ () C:\Users\Margit\Desktop\MbamSuchlauf.txt 2015-01-10 18:41 - 2015-01-10 18:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 
2015-01-10 18:40 - 2015-01-10 18:40 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-10 18:40 - 2015-01-10 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-10 18:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-10 18:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-10 18:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-10 18:39 - 2015-01-10 18:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-02 12:47 - 2015-01-02 12:47 - 00000000 ____D () C:\Users\Margit\AppData\Local\A 2015-01-02 12:41 - 2015-01-02 12:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Aeria Games 2015-01-02 00:28 - 2015-01-02 00:28 - 00000000 ____D () C:\Users\Margit\AppData\Local\Aeria Games 2015-01-02 00:27 - 2015-01-02 00:27 - 00000000 ____D () C:\ProgramData\Aeria Games 2015-01-02 00:26 - 2015-01-02 00:26 - 00001665 _____ () C:\Users\Margit\Desktop\S4 League.lnk 2015-01-02 00:26 - 2015-01-02 00:26 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-01-02 00:19 - 2015-01-02 00:19 - 00002028 _____ () C:\Users\Public\Desktop\Aeria Ignite.lnk 2015-01-02 00:19 - 2015-01-02 00:19 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Aeria Games & Entertainment 2015-01-02 00:19 - 2015-01-02 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-01-02 00:19 - 2015-01-02 00:19 - 00000000 ____D () C:\Program Files (x86)\Aeria Games 2015-01-01 05:38 - 2015-01-01 21:01 - 00001241 _____ () C:\Users\Margit\Desktop\Guns And Robots.lnk 2015-01-01 05:38 - 2015-01-01 06:20 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guns And Robots 2015-01-01 05:38 - 
2015-01-01 05:40 - 00000000 ____D () C:\Users\Margit\AppData\Local\Guns And Robots 2015-01-01 03:05 - 2015-01-01 03:05 - 00001199 _____ () C:\Users\Margit\Desktop\NosTale - Verknüpfung.lnk 2014-12-31 23:19 - 2014-12-31 23:19 - 00003010 _____ () C:\Windows\System32\Tasks\{48918102-C41A-4E86-8F45-E5BF5F191957} 2014-12-31 23:16 - 2014-12-31 23:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-31 23:16 - 2014-12-31 23:16 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-12-31 23:16 - 2014-12-31 23:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-12-31 23:10 - 2014-12-31 23:10 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\OpenOffice 2014-12-31 14:05 - 2014-12-31 14:05 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\MingGuan 2014-12-31 13:53 - 2014-12-31 14:00 - 00000944 _____ () C:\Program Files (x86)\Config.ini 2014-12-31 13:53 - 2014-12-31 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skiller Pro 2014-12-31 13:53 - 2014-12-31 13:53 - 00000000 ____D () C:\Program Files (x86)\skins 2014-12-31 13:53 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\lan.dll 2014-12-31 13:53 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Monitor.EXE 2014-12-31 13:53 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\hiddriver.dll 2014-12-31 13:52 - 2014-12-31 13:52 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\InstallShield 2014-12-31 13:44 - 2015-01-23 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Drakonia 2014-12-31 13:44 - 2015-01-20 20:27 - 00000000 ____D () C:\Program Files (x86)\Drakonia Configurator 2014-12-31 13:44 - 2014-12-31 13:44 - 01192533 _____ () C:\Windows\unins001.exe 2014-12-31 13:44 - 2014-12-31 13:44 - 00017982 _____ () C:\Windows\unins001.dat 2014-12-31 13:44 - 2014-12-31 13:44 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\MingGuan 2014-12-30 11:35 - 2014-12-30 
19:55 - 00000000 ____D () C:\AdwCleaner 2014-12-29 23:04 - 2014-12-29 23:05 - 06594837 _____ () C:\Users\Gast\Downloads\Z0rker.zip 2014-12-29 17:05 - 2014-12-29 17:05 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\LolClient 2014-12-29 00:38 - 2014-12-29 00:38 - 00001129 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk 2014-12-29 00:37 - 2014-12-29 00:43 - 00000000 ____D () C:\Users\Margit\AppData\Local\AviraSpeedup 2014-12-29 00:37 - 2014-12-29 00:37 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup 2014-12-29 00:37 - 2014-12-29 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup 2014-12-29 00:02 - 2014-12-29 00:02 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieBrowserModeList 2014-12-28 23:22 - 2015-01-27 15:28 - 00000000 ____D () C:\FRST 2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 __SHD () C:\Users\Margit\AppData\Local\EmieBrowserModeList 2014-12-28 21:55 - 2015-01-25 01:03 - 02129920 _____ (Farbar) C:\Users\Gast\Downloads\FRST64.exe 2014-12-28 21:09 - 2014-12-28 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE) 2014-12-28 17:16 - 2015-01-19 20:24 - 00000000 ____D () C:\Users\Gast\AppData\Local\LogMeIn Hamachi 2014-12-28 17:16 - 2014-12-28 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-12-28 17:16 - 2014-12-28 17:16 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-12-28 17:05 - 2014-12-28 17:05 - 00000000 ____D () C:\Users\Margit\AppData\Local\Logitech ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-27 15:26 - 2013-11-16 01:55 - 00000000 ____D () C:\Temp 2015-01-27 15:26 - 2013-09-01 20:03 - 00000000 ____D () C:\Users\Margit\AppData\Local\CRE 2015-01-27 15:18 - 2012-12-17 13:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-27 14:57 - 2009-07-14 05:45 - 00042160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-27 14:57 - 2009-07-14 05:45 - 00042160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-27 14:56 - 2012-12-17 10:33 - 01898777 _____ () C:\Windows\WindowsUpdate.log 2015-01-27 14:50 - 2014-10-24 13:04 - 00024216 _____ () C:\Windows\setupact.log 2015-01-27 14:50 - 2014-10-22 21:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-27 14:50 - 2014-04-17 20:18 - 00000412 _____ () C:\Windows\Tasks\SlimDrivers Startup.job 2015-01-27 14:50 - 2013-06-13 12:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-27 14:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-26 21:31 - 2014-10-22 21:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-25 21:01 - 2014-06-18 16:44 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype 2015-01-25 20:40 - 2014-07-12 17:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\.minecraft 2015-01-25 20:38 - 2014-04-25 16:33 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\.minecraft 2015-01-25 20:36 - 2014-07-16 18:28 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Craften Terminal 2015-01-25 19:18 - 2012-12-17 13:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 19:18 - 2012-12-17 13:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-25 19:18 - 2012-12-17 13:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 00:59 - 2014-04-23 16:06 - 00275968 
___SH () C:\Users\Margit\Desktop\Thumbs.db 2015-01-24 15:38 - 2014-10-24 13:03 - 00057134 _____ () C:\Windows\PFRO.log 2015-01-24 14:21 - 2013-09-13 19:13 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Craften Terminal 2015-01-23 19:24 - 2014-10-22 21:22 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-23 16:45 - 2014-11-11 14:47 - 00000000 ____D () C:\Program Files\Logitech Gaming Software 2015-01-23 16:43 - 2014-11-11 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-01-22 22:14 - 2014-04-17 19:56 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-20 20:27 - 2013-04-06 01:31 - 00000000 ____D () C:\Program Files (x86)\HyperCam 3 2015-01-20 20:09 - 2014-09-28 15:33 - 00000000 ____D () C:\Users\Gast\Desktop\Floral Flyff Client 2015-01-20 20:02 - 2013-05-14 18:01 - 00000000 ____D () C:\Program Files (x86)\avmwlanstick 2015-01-20 19:43 - 2014-02-02 16:22 - 00000000 ____D () C:\Users\Margit\AppData\Local\Temp3630fecaa073aa021a2f274d8493fd83 2015-01-20 19:43 - 2013-02-16 19:06 - 00000000 ____D () C:\Users\Margit\AppData\Local\mcpatcher 2015-01-20 19:42 - 2014-12-07 12:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\TeamSpeak 3 Client 2015-01-20 19:31 - 2014-05-29 11:23 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-01-20 19:31 - 2014-05-28 20:57 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-01-20 19:28 - 2012-12-17 10:46 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-19 16:30 - 2014-07-25 22:41 - 00000000 ____D () C:\Users\Margit\AppData\Local\LogMeIn Hamachi 2015-01-19 16:20 - 2012-12-08 20:26 - 00000000 ____D () C:\Users\Gast\Desktop\Minecraft Bukkit Server 1.6.4 2015-01-17 20:43 - 2012-12-21 11:53 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-17 19:27 - 2012-12-21 11:53 - 00000000 ____D () C:\ProgramData\Skype 2015-01-17 18:58 - 2012-12-21 11:53 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Skype 2015-01-15 20:30 - 2013-05-14 18:01 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN 2015-01-14 22:08 - 2013-07-13 02:09 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 22:08 - 2012-12-17 12:29 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 15:52 - 2013-06-21 15:36 - 00000000 ____D () C:\Users\Margit\AppData\Local\Downloaded Installations 2015-01-13 22:07 - 2014-09-30 14:49 - 00000180 _____ () C:\Users\Gast\Desktop\Neues Textdokument (3).txt 2015-01-10 18:29 - 2012-12-21 17:09 - 00000000 ____D () C:\Users\Margit\AppData\Local\Adobe 2015-01-09 18:32 - 2014-11-06 17:50 - 00000000 ____D () C:\Users\Gast\Desktop\NosTale 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-02 00:19 - 2014-12-22 20:49 - 00000000 ____D () C:\AeriaGames 2015-01-02 00:19 - 2014-06-27 19:24 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2015-01-02 00:10 - 2014-05-03 21:34 - 00000000 ____D () C:\Users\Margit\AppData\Local\Akamai 2015-01-01 21:01 - 2013-07-09 12:29 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-01-01 05:40 - 2014-02-27 12:14 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Apple Computer 2015-01-01 02:51 - 2014-05-30 11:22 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-01 02:46 - 2014-11-06 17:39 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2015-01-01 02:46 - 2012-12-21 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2014-12-31 23:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-31 23:37 - 2014-07-24 17:53 - 00000000 ____D () C:\Users\Public\Documents\EA Games 2014-12-31 23:37 - 2014-06-23 20:16 - 00000000 ____D () C:\Users\Gast\Documents\My Games 2014-12-31 23:16 - 2012-12-17 10:45 - 00000000 ____D () C:\ProgramData\Adobe 2014-12-31 14:01 - 2014-07-13 20:37 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\TS3Client 
2014-12-31 13:53 - 2012-12-17 10:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-31 13:28 - 2014-05-30 11:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore 2014-12-30 12:05 - 2014-11-28 18:43 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player 2014-12-30 12:04 - 2014-12-20 19:01 - 00000000 ____D () C:\Windows\system32\log 2014-12-29 22:09 - 2013-04-22 14:55 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-12-29 15:45 - 2014-05-30 11:22 - 00109152 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-29 15:42 - 2009-07-14 05:45 - 00390200 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-29 00:37 - 2014-02-20 16:07 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-29 00:37 - 2012-12-17 10:46 - 00109152 _____ () C:\Users\Margit\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-29 00:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2014-12-28 23:54 - 2014-12-22 20:44 - 00000000 ____D () C:\Users\Gast\AppData\Local\Akamai 2014-12-28 23:20 - 2014-04-14 12:48 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Samsung 2014-12-28 23:20 - 2014-04-14 12:48 - 00000000 ____D () C:\Users\Margit\AppData\Local\Samsung 2014-12-28 23:20 - 2014-04-14 12:47 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-12-28 23:20 - 2014-02-06 16:59 - 00000000 ____D () C:\ProgramData\Samsung 2014-12-28 23:17 - 2014-09-20 19:14 - 00000000 ____D () C:\ProgramData\NexonUS 2014-12-28 23:16 - 2014-03-20 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-12-28 23:16 - 2014-03-20 21:56 - 00000000 ____D () C:\ProgramData\MAGIX 2014-12-28 23:15 - 2014-03-20 21:59 - 00000000 ____D () C:\Users\Public\Documents\MAGIX_Music_Maker_MX_Premium_Download_Version 2014-12-28 23:13 - 2014-12-27 02:07 - 00000000 ____D () C:\Program Files (x86)\Arc 2014-12-28 23:10 - 2013-04-03 16:02 - 00000000 ____D () C:\ProgramData\InstallMate 2014-12-28 
23:09 - 2014-10-22 21:28 - 00000000 ____D () C:\Users\Margit\AppData\Roaming\Opera Software 2014-12-28 23:09 - 2014-10-22 21:28 - 00000000 ____D () C:\Users\Margit\AppData\Local\Opera Software 2014-12-28 23:09 - 2014-10-22 21:28 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-12-28 23:07 - 2014-03-14 16:07 - 00000000 ____D () C:\Program Files\HitmanPro 2014-12-28 23:07 - 2014-02-15 09:27 - 00000000 ____D () C:\ProgramData\Freemake 2014-12-28 23:07 - 2014-02-15 09:27 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-12-28 23:06 - 2014-05-26 09:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-28 23:05 - 2014-07-31 00:37 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4 2014-12-28 23:01 - 2013-09-09 09:48 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-12-28 23:01 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries ==================== Files in the root of some directories ======= 2014-12-31 13:53 - 2014-12-31 14:00 - 0000944 _____ () C:\Program Files (x86)\Config.ini 2014-12-31 13:53 - 2012-08-14 22:41 - 0061440 _____ () C:\Program Files (x86)\hiddriver.dll 2014-12-31 13:53 - 2013-09-12 14:15 - 0331510 _____ () C:\Program Files (x86)\Icon.ico 2014-12-31 13:53 - 2014-09-03 15:58 - 0057344 _____ () C:\Program Files (x86)\lan.dll 2014-12-31 13:53 - 2014-02-26 14:45 - 0475136 _____ () C:\Program Files (x86)\Monitor.EXE 2014-12-31 13:53 - 2006-08-22 15:05 - 0002238 _____ () C:\Program Files (x86)\Uninstall.ico 2013-08-18 12:44 - 2013-08-18 12:46 - 0047104 ___SH () C:\Users\Margit\AppData\Roaming\Thumbs.db 2014-02-20 21:57 - 2014-03-14 12:56 - 0000053 _____ () C:\Users\Margit\AppData\Roaming\WB.CFG 2012-12-20 17:46 - 2013-04-06 03:00 - 0007680 _____ () C:\Users\Margit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Files to move or delete: ==================== C:\Users\Margit\Desktopasdasd.exe C:\Users\Margit\S4_League.exe Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\avgnt.exe 
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 01:09
==================== End Of Log ============================
--- --- --- --- --- --- --- --- ---
About the backups again: since I'm only 14, I would like to ask you, if you feel like it, to help me with that too, because I have absolutely no idea about backups. But of course only if you want to. I would also like to get help with msconfig. |
29.01.2015, 00:07 | #25 |
Rest in peace † 2019 | PC is too slow and I have no idea what I should do
Hello, since I don't know what all you have there as backups, I would advise you: if there is nothing in them that you haven't saved separately, delete them all and make a new one. Who deactivated the items under MSConfig? Apart from that, though, we would be done. OK
As far as I can see, we have now removed everything harmful. Your logs are clean. Finally, we will tidy up a bit, run updates, and then you will get some reading material from me.
Step 1
If you no longer need Malwarebytes Anti-Malware and the ESET online scan, you can simply uninstall both programs via the program uninstaller. However, I recommend that you at least keep Malwarebytes and run a check scan with it once a week.
Step 2
Please download delfix to your desktop.
Updates / updating programs
Java is a major security hole on your system; new vulnerabilities are discovered again and again and are exploited to infect computers. Unless you absolutely need Java, you should uninstall it completely.
Windows XP
Go to: Start --> Control Panel --> Add or Remove Programs --> select the Java versions --> remove
Windows Vista
Go to: Start --> Control Panel --> Programs --> Uninstall a program --> find the Java versions --> remove
Windows 7
To do this, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the Java versions --> remove
Windows 8
To do this, press: Windows key and X, then: Programs and Features --> select the Java versions --> remove
If you do absolutely need Java after all, then
and make sure that Java updates automatically. To do so:
Here you will find instructions for this.
Now, to finish, a few more tips for securing your system. Change all your passwords regularly; now, after the cleanup, is an ideal time to do so.
Keeping the system up to date
It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
Antivirus software
Additional protection
Alternative browsers
Other browsers tend to be somewhat more secure than Internet Explorer, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance
Delete your temporary files regularly. For this I recommend the Windows Disk Cleanup tool.
Windows Vista
Windows 7
Windows 8
Stay away from any registry cleaners. They do your system more harm than they speed it up.
Rules of conduct for safer surfing
All that remains now is for me to wish you lots of fun surfing safely.
Note: Please give me brief feedback when everything is done and there are no more questions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something to the forum and our work, you can do so here. |