| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Ständig Pop-Ups/Werbung im BrowserWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.01.2015, 20:06
| #1 |
| |  Windows 7: Ständig Pop-Ups/Werbung im Browser Guten Abend, Ich habe vor ca. 3 Monaten meinen Pc neu aufgesetzt (vorher wichtige Programme/Datien auf einer externen Festplatte gesichert) und alles neu eingerichtet. Nach einiger Zeit ist mir aufgefallen das mir ständig Werbung in Chrome und Firefox angezeigt wird. Das äußert sich in verschiedenen Arten. Zum einen sind bestimmte Wörter Blau hinterlegt, fett und unterstrichen und führen zu anderen Seiten oder Werbung. Zum anderen wird oft Werbung von verschiedenen Seiten eingeschoben, die man zwar mit einem kleinen "x" schließen kann, die jedoch nach einigen Momenten wieder kommt. Weiterhin öffnen sich Pop-Ups oder Werbung in einem neuen Tab wenn ich auf einen Link klicke. Als Beispiel: Ich bin auf Wikipedia und lese ein Wort das ich nicht kenne und da oft solche Wörter zu einem anderen Wikipedia Artikel führen klicke ich drauf. Es öffnet sich dann der gefragte Artikel, allerdings zusätzlich noch 1-2 andere Tabs/Pop-Ups mit Werbung. Das passiert nicht jedes mal, ich würde sagen so zu 30% wenn ich auf etwas klicke. Mir ist außerdem aufgefallen das an der Werbung oft "Ads by TermTutor" steht. Die Pop-Ups sind oft Gewinnspiele oder eine Seite auf der groß "Windows 7 Pc-Reperatur" steht und die mir ein Programm Namens "eFix Pro" anbietet. Diese Seiten kann ich übrigens nicht direkt schließen, ich muss erst bestätigen das ich sie wirklich verlassen will. Ich hoffe das beschreibt mein Problem zu genügen und mir kann jemand helfen  (Da ich neu hier bin und nicht genau weiß was ihr braucht halte ich mich einfach an die Checkliste und poste alle Logfiles die ich habe) defogger_disable Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:48 on 19/01/2015 (Nils)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter (If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 18:50 - 2015-01-19 18:51 - 00015464 _____ () C:\Users\Nils\Desktop\FRST.txt
2015-01-19 18:50 - 2015-01-19 18:50 - 00000000 ____D () C:\FRST
2015-01-19 18:49 - 2015-01-19 18:49 - 02126848 _____ (Farbar) C:\Users\Nils\Desktop\FRST64.exe
2015-01-19 18:48 - 2015-01-19 18:48 - 00000470 _____ () C:\Users\Nils\Desktop\defogger_disable.log
2015-01-19 18:48 - 2015-01-19 18:48 - 00000000 _____ () C:\Users\Nils\defogger_reenable
2015-01-19 18:47 - 2015-01-19 18:47 - 00050477 _____ () C:\Users\Nils\Desktop\Defogger.exe
2015-01-19 18:24 - 2015-01-19 18:32 - 00000000 ____D () C:\Program Files\KMSpico
2015-01-19 17:04 - 2015-01-19 17:04 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Publish Providers
2015-01-19 17:00 - 2015-01-19 17:00 - 00006058 _____ () C:\Windows\system32\--traceoff
2015-01-19 17:00 - 2015-01-19 17:00 - 00000000 _____ () C:\Windows\system32\--debugoff
2015-01-19 16:59 - 2015-01-19 17:03 - 00000000 ____D () C:\Users\Nils\AppData\Local\Sony
2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\ProgramData\Sony
2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\Program Files\Sony
2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-01-19 16:58 - 2015-01-19 17:03 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Sony
2015-01-19 16:47 - 2015-01-19 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-19 16:47 - 2015-01-19 16:47 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-19 16:46 - 2015-01-19 16:47 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-17 21:09 - 2015-01-17 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 19:25 - 2015-01-16 19:25 - 00821953 _____ () C:\Users\Nils\Downloads\Infinite-Cube-Map.zip
2015-01-14 19:15 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:15 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:15 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 19:15 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 19:15 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 19:15 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 19:15 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 19:15 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 19:15 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 19:15 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:15 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:15 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 19:15 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-05 21:32 - 2015-01-05 21:33 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-01-05 20:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-05 20:17 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-05 20:17 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-05 20:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-05 20:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-05 20:17 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-05 20:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-05 20:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-05 20:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-05 20:17 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-05 20:17 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-05 20:17 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-05 20:17 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-05 20:17 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-05 20:17 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-05 20:17 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-05 20:17 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-01 20:10 - 2015-01-01 20:10 - 00000000 ____D () C:\ProgramData\EA Core
2014-12-25 23:29 - 2014-12-25 23:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Notepad++
2014-12-25 23:29 - 2014-12-25 23:29 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-12-25 23:29 - 2014-12-25 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-12-25 23:29 - 2014-12-25 23:29 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-12-25 23:28 - 2014-12-25 23:28 - 01174352 _____ () C:\Users\Nils\Downloads\Notepad - CHIP-Installer.exe
2014-12-24 22:37 - 2014-12-28 18:41 - 00000000 ____D () C:\Users\Nils\AppData\Local\SteelSeries Engine 3 Client
2014-12-24 22:37 - 2014-12-24 22:37 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-12-24 22:37 - 2014-12-24 22:37 - 00000000 ____D () C:\Users\admin
2014-12-24 22:36 - 2014-12-24 22:36 - 00005196 _____ () C:\Windows\DPINST.LOG
2014-12-24 22:36 - 2014-12-24 22:36 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-12-24 22:36 - 2014-12-24 22:36 - 00000000 ____D () C:\Program Files\SteelSeries
2014-12-24 22:35 - 2014-12-24 22:36 - 58227312 _____ () C:\Users\Nils\Downloads\SteelSeriesEngine_3.3.1Setup.exe
2014-12-23 22:34 - 2014-12-23 22:44 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-12-23 22:34 - 2014-12-23 22:43 - 00000000 ____D () C:\Users\Nils\Documents\BFBC2
2014-12-23 22:33 - 2014-12-23 22:34 - 02434856 _____ () C:\Windows\SysWOW64\pbsvc_bc2.exe
2014-12-23 22:33 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-23 22:33 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-23 22:33 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-23 22:33 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-23 22:33 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-23 22:33 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-23 22:33 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-23 22:33 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-23 22:33 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-23 22:33 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-23 22:33 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-23 22:33 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-23 22:33 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-23 22:33 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-23 22:33 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-12-23 22:33 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-12-23 22:33 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-12-23 22:33 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-12-23 22:33 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-12-23 22:33 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-12-23 22:33 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-12-23 22:33 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-12-23 22:33 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-12-23 22:33 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-12-23 22:33 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-12-23 22:33 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-12-23 22:33 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-23 22:33 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-23 22:33 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-23 22:33 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-23 22:33 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-23 22:33 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-23 22:33 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-23 22:33 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-12-23 22:33 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-23 22:33 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-12-23 22:33 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-23 22:33 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-12-23 22:33 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-23 22:33 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-12-23 22:33 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-12-23 22:33 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-23 22:33 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-23 22:33 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-12-23 22:33 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-23 22:33 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-12-23 22:33 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-12-23 22:33 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-12-23 22:33 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-23 22:33 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-12-23 22:33 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-12-23 22:33 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-12-23 22:33 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-12-23 22:33 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-12-23 22:33 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-12-23 22:33 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-12-23 22:33 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-12-23 22:33 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-12-23 22:33 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-12-23 22:33 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-12-23 22:33 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-12-23 22:33 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-12-23 22:33 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-12-23 22:33 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-12-23 22:33 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-12-23 22:33 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-12-23 22:33 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-12-23 22:33 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-12-23 22:33 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-12-23 22:33 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-12-23 22:33 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-12-23 22:33 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-12-23 22:33 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-12-23 22:33 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-12-23 22:33 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-12-23 22:33 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-12-23 22:33 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-12-23 22:33 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-12-23 22:33 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-12-23 22:33 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-12-23 22:33 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-12-23 22:33 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-12-23 22:33 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-12-23 22:33 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-12-23 22:33 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-12-23 22:33 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-12-23 22:33 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-12-23 22:33 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-12-23 22:33 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-12-23 22:33 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-12-23 22:33 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-12-23 22:33 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-12-23 22:33 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-12-23 22:33 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-12-23 22:33 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-12-23 22:33 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-12-23 22:33 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-12-23 22:33 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-12-23 22:33 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-12-23 22:33 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-12-23 22:33 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-12-23 22:33 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-12-23 22:33 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-12-23 22:33 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-12-23 22:33 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-12-23 22:33 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-12-23 22:33 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-12-23 22:33 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-12-23 22:33 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-12-23 22:33 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-12-23 22:33 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-12-23 22:33 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-12-23 22:33 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-12-23 22:33 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-12-23 22:33 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-12-23 22:33 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-12-23 22:33 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-12-23 22:33 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-12-23 22:33 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-12-23 22:32 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-12-23 22:32 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-12-23 22:32 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-12-23 22:32 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-12-23 22:32 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-12-23 22:32 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-12-23 22:32 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-12-23 22:32 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-12-23 22:32 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-12-23 22:32 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-12-23 22:32 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-12-23 22:32 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-12-23 22:32 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-12-23 22:32 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-12-23 22:32 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-12-23 22:32 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-12-23 22:32 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-12-23 22:32 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-12-23 22:32 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-12-23 22:32 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-12-23 22:32 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-12-23 22:32 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-12-23 22:32 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-12-23 22:32 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-12-23 22:32 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-12-23 22:32 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-12-23 22:32 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-12-23 22:32 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-12-23 22:32 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-12-23 22:32 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-12-23 22:32 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-12-23 22:32 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-12-23 22:32 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-12-23 22:32 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-12-23 21:52 - 2015-01-05 21:34 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-23 21:52 - 2014-12-23 22:34 - 00000000 ____D () C:\Users\Nils\AppData\Local\PunkBuster
2014-12-23 21:31 - 2014-12-23 21:31 - 00000000 ____D () C:\Users\Nils\AppData\Local\ESN
2014-12-23 21:30 - 2014-12-23 21:31 - 01534736 _____ () C:\Users\Nils\Downloads\battlelog-web-plugins_2.6.2_154.exe
2014-12-20 19:44 - 2014-12-20 19:44 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\AMD
2014-12-20 19:42 - 2015-01-17 19:45 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\.minecraft
2014-12-20 19:42 - 2014-12-20 19:42 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\java
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 18:48 - 2014-10-15 16:33 - 00000000 ____D () C:\Users\Nils
2015-01-19 18:41 - 2014-10-15 16:20 - 01896963 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 18:36 - 2014-10-17 18:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Spotify
2015-01-19 18:36 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:36 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:33 - 2014-10-16 15:05 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Adobe
2015-01-19 18:33 - 2014-10-16 15:04 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe
2015-01-19 18:13 - 2014-10-17 22:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 17:13 - 2014-10-17 22:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 13:33 - 2014-10-17 16:46 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3805B21-4A53-440E-9497-24EDC29C2813}
2015-01-19 13:32 - 2014-10-17 18:33 - 00000000 ____D () C:\Users\Nils\AppData\Local\Spotify
2015-01-19 13:32 - 2014-10-17 18:23 - 00000000 ___RD () C:\Users\Nils\Dropbox
2015-01-19 13:32 - 2014-10-17 18:17 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Dropbox
2015-01-19 13:31 - 2014-10-16 14:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-19 13:24 - 2014-10-16 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 13:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 13:24 - 2009-07-14 05:51 - 00066092 _____ () C:\Windows\setupact.log
2015-01-17 23:17 - 2014-10-17 13:41 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-17 21:24 - 2014-10-17 13:41 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-17 20:03 - 2014-10-17 11:22 - 00000000 ____D () C:\ProgramData\Origin
2015-01-17 20:03 - 2014-10-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-14 23:21 - 2014-10-16 13:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 23:16 - 2014-10-16 13:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 13:56 - 2014-10-17 11:35 - 00000000 ____D () C:\Users\Nils\Documents\Schule
2015-01-05 21:16 - 2014-10-17 13:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-05 21:15 - 2014-10-16 15:14 - 00132025 _____ () C:\Windows\DirectX.log
2015-01-05 20:17 - 2014-10-17 13:42 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-30 23:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 11:27 - 2009-09-21 13:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-12-26 11:27 - 2009-09-21 13:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-12-26 11:27 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 21:19 - 2014-10-16 13:51 - 00165062 _____ () C:\Windows\PFRO.log
2014-12-23 22:28 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-23 21:52 - 2014-10-17 11:36 - 00000000 ____D () C:\Users\Nils\Documents\Battlefield 4
2014-12-23 21:49 - 2014-10-17 11:22 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 21:22 - 2014-10-17 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-20 20:30 - 2014-10-17 11:40 - 00000000 ____D () C:\Users\Nils\Documents\Minecraft
==================== Files in the root of some directories =======
2014-10-16 14:31 - 2014-10-16 14:31 - 0000017 _____ () C:\Users\Nils\AppData\Local\resmon.resmoncfg
Some content of TEMP:
====================
C:\Users\Nils\AppData\Local\Temp\avgnt.exe
C:\Users\Nils\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw4yoby.dll
C:\Users\Nils\AppData\Local\Temp\sonarinst.exe
C:\Users\Nils\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Nils\AppData\Local\Temp\_isDB6.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 21:03
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Nils at 2015-01-19 18:51:36
Running from C:\Users\Nils\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version: - DICE)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Studio version 6.4.0.1111 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1111 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive)
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.1 - Notepad++ Team)
Open Office Packages (HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Open Office Packages) (Version: - ) <==== ATTENTION
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.3.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.1 - SteelSeries ApS)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Term Tutor (HKLM-x32\...\TermTutor) (Version: 1.9.0.8 - Term Tutor)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CE92F061-BFBC-11E3-8FF3-F04DA23A5C58}) (Version: 13.0.290 - Sony)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1006047746-618158759-4133308658-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1006047746-618158759-4133308658-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1006047746-618158759-4133308658-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1006047746-618158759-4133308658-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1006047746-618158759-4133308658-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1006047746-618158759-4133308658-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1006047746-618158759-4133308658-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1006047746-618158759-4133308658-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1006047746-618158759-4133308658-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
05-01-2015 20:14:56 DirectX wurde installiert
05-01-2015 20:26:16 DirectX wurde installiert
05-01-2015 21:14:19 DirectX wurde installiert
12-01-2015 21:16:47 Geplanter Prüfpunkt
14-01-2015 23:16:14 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {4A536EC2-E8AA-4739-BBE0-723C39C63D76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {573D493B-B583-475E-A3E2-08DA3298FF90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-12-23 21:52 - 2015-01-05 21:34 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-09-16 22:02 - 2014-09-16 22:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-11-13 22:19 - 2014-11-13 22:19 - 17542656 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
2014-10-14 15:10 - 2014-10-14 15:10 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\x2api.dll
2014-10-17 18:33 - 2014-12-10 16:53 - 00374840 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-10-16 14:56 - 2014-11-11 19:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-16 14:56 - 2014-11-11 19:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-10-16 14:56 - 2014-11-11 19:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-16 14:56 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-10-16 14:56 - 2014-11-18 21:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-10-16 14:56 - 2014-11-11 19:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-16 14:56 - 2014-11-11 19:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-10-16 14:56 - 2014-11-18 21:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-10-17 18:33 - 2014-12-10 16:53 - 36966968 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libcef.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Nils\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-19 13:31 - 2015-01-19 13:31 - 00043008 _____ () c:\users\nils\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw4yoby.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Nils\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Nils\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Nils\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-16 14:56 - 2014-11-11 19:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-17 18:33 - 2014-12-10 16:53 - 00867896 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-10-17 18:33 - 2014-12-10 16:53 - 00886840 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-10-17 18:33 - 2014-12-10 16:53 - 00108600 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libegl.dll
2015-01-17 21:09 - 2015-01-17 21:09 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-17 18:13 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-17 18:13 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-17 18:13 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-17 18:13 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-17 18:13 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1006047746-618158759-4133308658-500 - Administrator - Disabled)
Gast (S-1-5-21-1006047746-618158759-4133308658-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1006047746-618158759-4133308658-1002 - Limited - Enabled)
Nils (S-1-5-21-1006047746-618158759-4133308658-1001 - Administrator - Enabled) => C:\Users\Nils
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/17/2015 08:23:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.4.2.23831, Zeitstempel: 0x547fa9b4
Name des fehlerhaften Moduls: amdmantle64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fee50adee0
ID des fehlerhaften Prozesses: 0x197c
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3
Error: (01/17/2015 08:04:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ActivationUI.exe, Version: 4.6.4.1, Zeitstempel: 0x54750ebf
Name des fehlerhaften Moduls: ActivationUI.exe, Version: 4.6.4.1, Zeitstempel: 0x54750ebf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056306
ID des fehlerhaften Prozesses: 0x16e0
Startzeit der fehlerhaften Anwendung: 0xActivationUI.exe0
Pfad der fehlerhaften Anwendung: ActivationUI.exe1
Pfad des fehlerhaften Moduls: ActivationUI.exe2
Berichtskennung: ActivationUI.exe3
Error: (01/06/2015 00:50:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.4.2.23831, Zeitstempel: 0x547fa9b4
Name des fehlerhaften Moduls: amdmantle64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fee099dee0
ID des fehlerhaften Prozesses: 0x1b54
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3
Error: (01/05/2015 09:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.4.2.23831, Zeitstempel: 0x547fa9b4
Name des fehlerhaften Moduls: amdmantle64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fedfb5dee0
ID des fehlerhaften Prozesses: 0x1964
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3
Error: (01/05/2015 09:06:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.4.2.23831, Zeitstempel: 0x547fa9b4
Name des fehlerhaften Moduls: atidxx64.dll, Version: 8.17.10.569, Zeitstempel: 0x5417611b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000295b1d
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3
Error: (01/05/2015 08:56:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.4.2.23831, Zeitstempel: 0x547fa9b4
Name des fehlerhaften Moduls: amdmantle64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fee01bdee0
ID des fehlerhaften Prozesses: 0x172c
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3
Error: (01/05/2015 08:52:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.4.2.23831, Zeitstempel: 0x547fa9b4
Name des fehlerhaften Moduls: atidxx64.dll, Version: 8.17.10.569, Zeitstempel: 0x5417611b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000295b1d
ID des fehlerhaften Prozesses: 0x1930
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3
Error: (01/05/2015 08:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.4.2.23831, Zeitstempel: 0x547fa9b4
Name des fehlerhaften Moduls: atidxx64.dll, Version: 8.17.10.569, Zeitstempel: 0x5417611b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000295b1d
ID des fehlerhaften Prozesses: 0xfd4
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3
Error: (01/05/2015 08:47:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.4.2.23831, Zeitstempel: 0x547fa9b4
Name des fehlerhaften Moduls: amdmantle64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fee0c3dee0
ID des fehlerhaften Prozesses: 0x1934
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3
Error: (01/05/2015 08:43:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.4.2.23831, Zeitstempel: 0x547fa9b4
Name des fehlerhaften Moduls: atidxx64.dll, Version: 8.17.10.569, Zeitstempel: 0x5417611b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000295b1d
ID des fehlerhaften Prozesses: 0x1f0c
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3
System errors:
=============
Error: (01/14/2015 07:26:09 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/14/2015 07:26:01 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/14/2015 07:25:52 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/14/2015 07:25:42 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/14/2015 07:25:34 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/14/2015 07:25:25 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/14/2015 07:25:17 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/14/2015 07:25:06 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/14/2015 07:24:56 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (01/14/2015 07:24:46 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Microsoft Office Sessions:
=========================
Error: (01/17/2015 08:23:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.4.2.23831547fa9b4amdmantle64.dll_unloaded0.0.0.05417637bc0000005000007fee50adee0197c01d03288bff83d63C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeamdmantle64.dll5d17effa-9e7e-11e4-8af9-f46d0479683e
Error: (01/17/2015 08:04:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ActivationUI.exe4.6.4.154750ebfActivationUI.exe4.6.4.154750ebfc00000050005630616e001d03288604c2d64C:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exeC:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exe9e5b5bbe-9e7b-11e4-8af9-f46d0479683e
Error: (01/06/2015 00:50:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.4.2.23831547fa9b4amdmantle64.dll_unloaded0.0.0.05417637bc0000005000007fee099dee01b5401d0293c853b8958C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeamdmantle64.dlla2a500df-9535-11e4-a388-f46d0479683e
Error: (01/05/2015 09:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.4.2.23831547fa9b4amdmantle64.dll_unloaded0.0.0.05417637bc0000005000007fedfb5dee0196401d029255d61594eC:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeamdmantle64.dllb41cefd0-9519-11e4-a388-f46d0479683e
Error: (01/05/2015 09:06:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.4.2.23831547fa9b4atidxx64.dll8.17.10.5695417611bc00000050000000000295b1d1ab401d02922bd80d970C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeC:\Windows\system32\atidxx64.dll57af132a-9516-11e4-a388-f46d0479683e
Error: (01/05/2015 08:56:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.4.2.23831547fa9b4amdmantle64.dll_unloaded0.0.0.05417637bc0000005000007fee01bdee0172c01d0292155333a15C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeamdmantle64.dlleb1031f0-9514-11e4-9e71-f46d0479683e
Error: (01/05/2015 08:52:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.4.2.23831547fa9b4atidxx64.dll8.17.10.5695417611bc00000050000000000295b1d193001d029211b3911c2C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeC:\Windows\system32\atidxx64.dll71fbdab4-9514-11e4-9e71-f46d0479683e
Error: (01/05/2015 08:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.4.2.23831547fa9b4atidxx64.dll8.17.10.5695417611bc00000050000000000295b1dfd401d02920884063a8C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeC:\Windows\system32\atidxx64.dllee9351c0-9513-11e4-9e71-f46d0479683e
Error: (01/05/2015 08:47:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.4.2.23831547fa9b4amdmantle64.dll_unloaded0.0.0.05417637bc0000005000007fee0c3dee0193401d0291feebde07bC:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeamdmantle64.dllacafe646-9513-11e4-9e71-f46d0479683e
Error: (01/05/2015 08:43:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.4.2.23831547fa9b4atidxx64.dll8.17.10.5695417611bc00000050000000000295b1d1f0c01d0291fb301b642C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeC:\Windows\system32\atidxx64.dll111e5182-9513-11e4-9e71-f46d0479683e
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 8173.21 MB
Available physical RAM: 4871.02 MB
Total Pagefile: 16344.6 MB
Available Pagefile: 12064.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1397.26 GB) (Free:1186.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 66871F3F)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-19 19:00:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD15EARS-00MVWB0 rev.51.0AB51 1397,27GB
Running: c7e8os12.exe; Driver: C:\Users\Nils\AppData\Local\Temp\kxldqpoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff80002fa4000 46 bytes [79, 5B, 00, FF, 79, 5B, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff80002fa402f 40 bytes [FF, 79, 5B, 00, FF, 79, 5B, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\PnkBstrA.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Windows\system32\PnkBstrA.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Program Files (x86)\TermTutor\Service\ttsvc.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files (x86)\TermTutor\Service\ttsvc.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Program Files (x86)\Steam\Steam.exe[3080] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files (x86)\Steam\Steam.exe[3080] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe[3264] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe[3264] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 000000006fd20000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006fa20000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264](2014-10-22 00:22:50) 000000006f960000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000068650000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50) 000000004a900000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50) 0000000004500000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50) 000000004ad00000
Library c:\users\nils\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw4yoby.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264](2015-01-19 12:31:46) 0000000003ea0000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000062500000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000060310000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 00000000600f0000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005fcb0000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000069480000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264](2014-10-22 00:22:50) 00000000696a0000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 0000000069450000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 00000000692e0000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005fa00000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264](2014-10-22 00:22:48) 000000005f920000
Library C:\Users\Nils\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe [3264](2014-10-22 00:22:46) 000000005f870000
---- EOF - GMER 2.1 ----
|
|
19.01.2015, 20:13
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Ständig Pop-Ups/Werbung im Browser hi,
__________________Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ |
|
19.01.2015, 20:41
| #3 |
| | Windows 7: Ständig Pop-Ups/Werbung im Browser Vielen dank für die schnelle antwort,
__________________Ich habe beides gemacht, bei Combofix hat Avira die Meldung "Registry blockiert" ausgegeben. Hier hie Combofix.txt Code:
ATTFilter ComboFix 15-01-18.01 - Nils 19.01.2015 20:22:54.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.5953 [GMT 1:00]
ausgeführt von:: c:\users\Nils\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nils\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-19 bis 2015-01-19 ))))))))))))))))))))))))))))))
.
.
2015-01-19 19:16 . 2015-01-19 19:16 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-01-19 18:32 . 2015-01-19 18:32 -------- d-sh--w- c:\users\Nils\AppData\Local\EmieUserList
2015-01-19 18:32 . 2015-01-19 18:32 -------- d-sh--w- c:\users\Nils\AppData\Local\EmieSiteList
2015-01-19 18:32 . 2015-01-19 18:32 -------- d-sh--w- c:\users\Nils\AppData\Local\EmieBrowserModeList
2015-01-19 17:50 . 2015-01-19 17:51 -------- d-----w- C:\FRST
2015-01-19 17:24 . 2015-01-19 17:32 -------- d-----w- c:\program files\KMSpico
2015-01-19 16:04 . 2015-01-19 16:04 -------- d-----w- c:\users\Nils\AppData\Roaming\Publish Providers
2015-01-19 15:59 . 2015-01-19 16:03 -------- d-----w- c:\users\Nils\AppData\Local\Sony
2015-01-19 15:59 . 2015-01-19 15:59 -------- d-----w- c:\programdata\Sony
2015-01-19 15:59 . 2015-01-19 15:59 -------- d-----w- c:\program files\Sony
2015-01-19 15:59 . 2015-01-19 15:59 -------- d-----w- c:\program files (x86)\Sony
2015-01-19 15:58 . 2015-01-19 16:03 -------- d-----w- c:\users\Nils\AppData\Roaming\Sony
2015-01-19 15:47 . 2015-01-19 15:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-01-05 20:32 . 2015-01-05 20:33 -------- d-----w- c:\program files (x86)\Origin Games
2015-01-03 15:40 . 2015-01-03 15:40 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-01-03 15:40 . 2015-01-03 15:40 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-01-01 19:10 . 2015-01-01 19:10 -------- d-----w- c:\programdata\EA Core
2015-01-01 19:10 . 2015-01-01 19:10 -------- d-----w- c:\programdata\EA Logs
2014-12-25 22:29 . 2014-12-25 22:32 -------- d-----w- c:\users\Nils\AppData\Roaming\Notepad++
2014-12-25 22:29 . 2014-12-25 22:29 -------- d-----w- c:\program files (x86)\Notepad++
2014-12-24 21:37 . 2014-12-28 17:41 -------- d-----w- c:\users\Nils\AppData\Local\SteelSeries Engine 3 Client
2014-12-24 21:37 . 2014-12-24 21:37 -------- d-----w- c:\users\admin
2014-12-24 21:36 . 2014-12-24 21:36 -------- d-----w- c:\programdata\SteelSeries
2014-12-24 21:36 . 2014-12-24 21:36 -------- d-----w- c:\program files\SteelSeries
2014-12-23 21:34 . 2014-12-23 21:44 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-12-23 21:32 . 2007-03-05 11:42 15128 ----a-w- c:\windows\SysWow64\x3daudio1_1.dll
2014-12-23 20:52 . 2015-01-05 20:34 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-12-23 20:52 . 2014-12-23 21:34 -------- d-----w- c:\users\Nils\AppData\Local\PunkBuster
2014-12-23 20:31 . 2014-12-23 20:31 -------- d-----w- c:\users\Nils\AppData\Local\ESN
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-17 22:17 . 2014-10-17 12:41 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-01-17 20:24 . 2014-10-17 12:41 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-01-14 22:16 . 2014-10-16 12:38 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-09 15:51 . 2014-11-17 20:43 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-01-09 15:51 . 2014-11-17 20:43 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-01-08 16:12 . 2014-12-03 16:33 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-01-05 20:16 . 2014-10-17 12:41 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-12-15 17:28 . 2014-11-17 20:42 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-12-13 05:09 . 2014-12-18 12:57 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 12:57 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-11 15:00 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 15:00 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 15:00 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 15:00 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 15:00 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 15:00 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 15:00 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 15:00 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 15:00 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 15:00 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 15:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 15:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 15:00 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 15:00 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 15:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 15:00 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 15:00 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 15:00 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 15:00 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 15:00 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 15:00 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 15:00 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 15:00 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 15:00 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 15:00 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 15:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 15:00 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 15:00 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 15:00 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 15:00 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 15:00 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 15:00 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 15:00 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 15:00 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 15:00 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 15:00 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 15:00 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 15:00 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 15:00 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 15:00 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 15:00 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 15:00 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 15:00 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 15:00 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 15:00 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 15:00 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 15:00 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 15:00 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-17 19:48 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-11-12 17:16 . 2014-10-17 17:59 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-11-11 03:09 . 2014-12-11 15:00 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 14:45 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 14:45 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 15:00 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 14:45 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 14:45 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 15:00 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 14:59 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 14:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-11 14:59 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-11 14:59 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-13 08:56 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-13 08:56 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-21 20:05 . 2014-10-21 20:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-10-21 20:05 . 2014-10-21 20:05 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-10-21 20:05 . 2014-10-21 20:05 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-10-21 20:05 . 2014-10-21 20:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-10-21 20:05 . 2014-10-21 20:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-10-21 20:05 . 2014-10-21 20:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-10-21 20:05 . 2014-10-21 20:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-10-21 20:05 . 2014-10-21 20:05 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-10-21 20:05 . 2014-10-21 20:05 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-10-21 20:05 . 2014-10-21 20:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-10-21 20:05 . 2014-10-21 20:05 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-10-21 20:05 . 2014-10-21 20:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-10-21 20:05 . 2014-10-21 20:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-10-21 20:05 . 2014-10-21 20:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-10-21 20:05 . 2014-10-21 20:05 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-10-21 20:05 . 2014-10-21 20:05 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-10-21 20:05 . 2014-10-21 20:05 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-10-21 20:05 . 2014-10-21 20:05 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-10-21 20:05 . 2014-10-21 20:05 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-10-21 20:05 . 2014-10-21 20:05 81408 ----a-w- c:\windows\system32\icardie.dll
2014-10-21 20:05 . 2014-10-21 20:05 774144 ----a-w- c:\windows\system32\jscript.dll
2014-10-21 20:05 . 2014-10-21 20:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-10-21 20:05 . 2014-10-21 20:05 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-10-21 20:05 . 2014-10-21 20:05 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-10-21 20:05 . 2014-10-21 20:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-10-21 20:05 . 2014-10-21 20:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-10-21 20:05 . 2014-10-21 20:05 48128 ----a-w- c:\windows\system32\imgutil.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D}]
2014-09-04 17:22 149072 ----a-w- c:\program files (x86)\TermTutor\IE\TermTutorClientIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-11 13:07 323752 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
"Spotify"="c:\users\Nils\AppData\Roaming\Spotify\Spotify.exe" [2014-12-10 6737976]
"Spotify Web Helper"="c:\users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-10 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
.
c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2014-11-13 17542656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 ttnfd;ttnfd;c:\windows\system32\drivers\ttnfd.sys;c:\windows\SYSNATIVE\drivers\ttnfd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 ttsvc;Term Tutor Client Service;c:\program files (x86)\TermTutor\Service\ttsvc.exe;c:\program files (x86)\TermTutor\Service\ttsvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-17 17:13 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17 21:03]
.
2015-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17 21:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-07 17:08 357376 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Nils\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-09-16 11877656]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-BrowserChoice - c:\windows\System32\browserchoice.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-19 20:32:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-01-19 19:32
.
Vor Suchlauf: 8 Verzeichnis(se), 1.273.750.523.904 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 1.275.069.583.360 Bytes frei
.
- - End Of File - - 2DE77F33BB36E803E71FACC687601BDC
A36C5E4F47E84449FF07ED3517B43A31
|
|
20.01.2015, 11:58
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: Ständig Pop-Ups/Werbung im Browser Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.01.2015, 14:06
| #5 |
| | Windows 7: Ständig Pop-Ups/Werbung im Browser Ok habe alles erledigt, hier die logs: mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 20.01.2015 Suchlauf-Zeit: 13:28:48 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.20.04 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Nils Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 359171 Verstrichene Zeit: 6 Min, 56 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\Service\ttsvc.exe, 1784, Löschen bei Neustart, [267ee316e5a4fd395bb5cabe3ec57c84] Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 8 PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [b0f4b5448702ad89c93310dc0ff3b24e], PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [b0f4b5448702ad89c93310dc0ff3b24e], PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [b0f4b5448702ad89c93310dc0ff3b24e], PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ttnfd, In Quarantäne, [e3c14aaf5e2b2b0b7d955b2df80bf50b], PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTSVC, In Quarantäne, [267ee316e5a4fd395bb5cabe3ec57c84], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1006047746-618158759-4133308658-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [762ed8217118a591a30f754430d37f81], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1006047746-618158759-4133308658-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [60440bee5435280e02c23c935ba90ff1], PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TermTutor, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], Registrierungswerte: 4 PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|termtutor@termtutor.com, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com, In Quarantäne, [b1f3e514f792b87e759c5038699a4fb1] PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, In Quarantäne, [aef63bbec9c0f145a46f9cecef142dd3] PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTSVC|ImagePath, "C:\Program Files (x86)\TermTutor\Service\ttsvc.exe", In Quarantäne, [267ee316e5a4fd395bb5cabe3ec57c84] PUP.Optional.InstallCore.A, HKU\S-1-5-21-1006047746-618158759-4133308658-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1S2Q1J0V1C2S, Löschen bei Neustart, [60440bee5435280e02c23c935ba90ff1] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 8 PUP.Optional.TermTutor.A, C:\Program Files\TermTutor, In Quarantäne, [891bde1bafda0b2b6c3610594ab9c23e], PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\IE, In Quarantäne, [891bde1bafda0b2b6c3610594ab9c23e], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor, Löschen bei Neustart, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\FireFox, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\IE, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\Service, Löschen bei Neustart, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com, In Quarantäne, [bfe518e1b8d167cffda64128e91a21df], Dateien: 27 PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll, In Quarantäne, [b0f4b5448702ad89c93310dc0ff3b24e], PUP.Optional.BoostSaves.A, C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [1f8527d2f8913ef879edcbad7093ed13], PUP.Optional.BoostSaves.A, C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [366e7b7e0188999ddc8a4b2d12f1cf31], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\!vitruvian-csp.js, In Quarantäne, [51530beee7a29c9a16043942956eaf51], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\Mozilla Firefox\defaults\preferences\!vitruvian-csp.js, In Quarantäne, [e8bc33c61d6c86b0b467502bf211b24e], PUP.Optional.TermTutor.A, C:\Windows\System32\drivers\ttnfd.sys, In Quarantäne, [e3c14aaf5e2b2b0b7d955b2df80bf50b], PUP.Optional.Boost.A, C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, In Quarantäne, [adf7da1f5a2f41f5e2bc563c9d66619f], PUP.Optional.Boost.A, C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [63413cbd64251620326ce1b148bb7090], PUP.Optional.ReMarkable.A, C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, In Quarantäne, [8e162ccdc2c752e4fdb8da1a8b79ad53], PUP.Optional.ReMarkable.A, C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, In Quarantäne, [a9fbbf3a32574beb61541dd7fa0af709], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\Service\ttsvc.exe, Löschen bei Neustart, [267ee316e5a4fd395bb5cabe3ec57c84], PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\IE\TermTutorClientIE.dll, In Quarantäne, [891bde1bafda0b2b6c3610594ab9c23e], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\terms-of-service.rtf, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\Uninstall.exe, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses\buildcrx-license.txt, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses\Info-ZIP-license.txt, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses\nsJSON-license.txt, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses\UAC-license.txt, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\FireFox\termtutor@termtutor.com.xpi, In Quarantäne, [c8dca1589ced8caaddc52445e02354ac], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\bootstrap.js, In Quarantäne, [bfe518e1b8d167cffda64128e91a21df], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\browser.js, In Quarantäne, [bfe518e1b8d167cffda64128e91a21df], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\browser.xul, In Quarantäne, [bfe518e1b8d167cffda64128e91a21df], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\chrome.manifest, In Quarantäne, [bfe518e1b8d167cffda64128e91a21df], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\icon-48.png, In Quarantäne, [bfe518e1b8d167cffda64128e91a21df], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\icon-64.png, In Quarantäne, [bfe518e1b8d167cffda64128e91a21df], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\install.rdf, In Quarantäne, [bfe518e1b8d167cffda64128e91a21df], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\plugin-api.js, In Quarantäne, [bfe518e1b8d167cffda64128e91a21df], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.108 - Bericht erstellt am 20/01/2015 um 13:49:33
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Nils - NILS-PC
# Gestartet von : C:\Users\Nils\Desktop\AdwCleaner_4.108.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Nils\AppData\Local\CrashRpt
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\TermTutor
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0 (x86 de)
-\\ Google Chrome v39.0.2171.99
*************************
AdwCleaner[R0].txt - [2092 octets] - [20/01/2015 13:48:21]
AdwCleaner[S0].txt - [1959 octets] - [20/01/2015 13:49:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2019 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nils on 20.01.2015 at 13:57:35,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\if4lhdw6.default\minidumps [13 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Nils\appdata\local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.01.2015 at 14:00:19,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Nils (administrator) on NILS-PC on 20-01-2015 14:01:59 Running from C:\Users\Nils\Desktop\Pop-up Problem Loaded Profiles: Nils (Available profiles: Nils) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Spotify Ltd) C:\Users\Nils\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (Dropbox, Inc.) C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated) HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-19] (Valve Corporation) HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Run: [Spotify] => C:\Users\Nils\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-10] (Spotify Ltd) HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Run: [Spotify Web Helper] => C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe () Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1006047746-618158759-4133308658-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1006047746-618158759-4133308658-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\abs@avira.com [2014-12-11] FF Extension: Download videos and MP3s from YouTube - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-17] FF Extension: NoScript - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-20] FF Extension: Adblock Plus - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16] FF Extension: Adblock Edge - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-10-16] FF HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-17] Chrome: ======= CHR StartupUrls: Default -> "hxxp://csgo.99damage.de/de/start", "hxxp://csgolounge.com/" CHR Profile: C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17] CHR Extension: (Google Docs) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17] CHR Extension: (Google Drive) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17] CHR Extension: (YouTube) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17] CHR Extension: (Google-Suche) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17] CHR Extension: (Lounge Assistant) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2014-11-06] CHR Extension: (Google Tabellen) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17] CHR Extension: (Avira Browserschutz) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-17] CHR Extension: (Google Wallet) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-17] CHR Extension: (Google Mail) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-05] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-05] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-20 14:00 - 2015-01-20 14:00 - 00000911 _____ () C:\Users\Nils\Desktop\JRT.txt 2015-01-20 13:57 - 2015-01-20 13:57 - 00000000 ____D () C:\Windows\ERUNT 2015-01-20 13:56 - 2015-01-20 13:56 - 01707939 _____ (Thisisu) C:\Users\Nils\Desktop\JRT.exe 2015-01-20 13:49 - 2015-01-20 13:49 - 00002107 _____ () C:\Users\Nils\Desktop\AdwCleaner[S0].txt 2015-01-20 13:48 - 2015-01-20 13:53 - 00000000 ____D () C:\AdwCleaner 2015-01-20 13:47 - 2015-01-20 13:48 - 02186752 _____ () C:\Users\Nils\Desktop\AdwCleaner_4.108.exe 2015-01-20 13:45 - 2015-01-20 13:45 - 00008751 _____ () C:\Users\Nils\Desktop\mbam.txt 2015-01-20 13:28 - 2015-01-20 13:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-20 13:27 - 2015-01-20 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-20 13:27 - 2015-01-20 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-20 13:27 - 2015-01-20 13:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-20 13:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-20 13:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-20 13:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-20 13:26 - 2015-01-20 13:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nils\Desktop\mbam-setup-2.0.4.1028.exe 2015-01-19 20:41 - 2015-01-19 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-19 20:21 - 2015-01-19 20:32 - 00000000 ____D () C:\Qoobox 2015-01-19 20:21 - 2015-01-19 20:31 - 00000000 ____D () C:\Windows\erdnt 2015-01-19 20:21 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-19 20:21 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-19 20:21 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-19 20:16 - 2015-01-19 20:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-19 20:07 - 2015-01-20 14:01 - 00000000 ____D () C:\Users\Nils\Desktop\Pop-up Problem 2015-01-19 19:32 - 2015-01-19 19:32 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieUserList 2015-01-19 19:32 - 2015-01-19 19:32 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieSiteList 2015-01-19 19:32 - 2015-01-19 19:32 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieBrowserModeList 2015-01-19 19:14 - 2015-01-19 19:14 - 00457048 _____ () C:\Windows\Minidump\011915-26660-01.dmp 2015-01-19 18:50 - 2015-01-20 14:02 - 00000000 ____D () C:\FRST 2015-01-19 18:48 - 2015-01-19 18:48 - 00000000 _____ () C:\Users\Nils\defogger_reenable 2015-01-19 18:24 - 2015-01-19 18:32 - 00000000 ____D () C:\Program Files\KMSpico 2015-01-19 17:04 - 2015-01-19 17:04 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Publish Providers 2015-01-19 17:00 - 2015-01-19 17:00 - 00006058 _____ () C:\Windows\system32\--traceoff 2015-01-19 17:00 - 2015-01-19 17:00 - 00000000 _____ () C:\Windows\system32\--debugoff 2015-01-19 16:59 - 2015-01-19 17:03 - 00000000 ____D () C:\Users\Nils\AppData\Local\Sony 2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\ProgramData\Sony 2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\Program Files\Sony 2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-01-19 16:58 - 2015-01-19 17:03 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Sony 2015-01-19 16:47 - 2015-01-19 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-19 16:47 - 2015-01-19 16:47 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-01-19 16:46 - 2015-01-19 19:23 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-17 21:09 - 2015-01-17 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-16 19:25 - 2015-01-16 19:25 - 00821953 _____ () C:\Users\Nils\Downloads\Infinite-Cube-Map.zip 2015-01-14 19:15 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 19:15 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 19:15 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 19:15 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 19:15 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 19:15 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 19:15 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 19:15 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 19:15 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 19:15 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 19:15 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 19:15 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 19:15 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-05 21:32 - 2015-01-05 21:33 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-01-05 20:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2015-01-05 20:17 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2015-01-01 20:10 - 2015-01-01 20:10 - 00000000 ____D () C:\ProgramData\EA Core 2014-12-25 23:29 - 2014-12-25 23:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Notepad++ 2014-12-25 23:29 - 2014-12-25 23:29 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-12-25 23:29 - 2014-12-25 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-12-25 23:29 - 2014-12-25 23:29 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-12-25 23:28 - 2014-12-25 23:28 - 01174352 _____ () C:\Users\Nils\Downloads\Notepad - CHIP-Installer.exe 2014-12-24 22:37 - 2014-12-28 18:41 - 00000000 ____D () C:\Users\Nils\AppData\Local\SteelSeries Engine 3 Client 2014-12-24 22:37 - 2014-12-24 22:37 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries 2014-12-24 22:37 - 2014-12-24 22:37 - 00000000 ____D () C:\Users\admin 2014-12-24 22:36 - 2014-12-24 22:36 - 00005196 _____ () C:\Windows\DPINST.LOG 2014-12-24 22:36 - 2014-12-24 22:36 - 00000000 ____D () C:\ProgramData\SteelSeries 2014-12-24 22:36 - 2014-12-24 22:36 - 00000000 ____D () C:\Program Files\SteelSeries 2014-12-24 22:35 - 2014-12-24 22:36 - 58227312 _____ () C:\Users\Nils\Downloads\SteelSeriesEngine_3.3.1Setup.exe 2014-12-23 22:34 - 2014-12-23 22:44 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-12-23 22:34 - 2014-12-23 22:43 - 00000000 ____D () C:\Users\Nils\Documents\BFBC2 2014-12-23 22:33 - 2014-12-23 22:34 - 02434856 _____ () C:\Windows\SysWOW64\pbsvc_bc2.exe 2014-12-23 22:33 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2014-12-23 22:33 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-12-23 22:33 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-12-23 22:33 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-12-23 22:33 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2014-12-23 22:33 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-12-23 22:33 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2014-12-23 22:33 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-12-23 22:33 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2014-12-23 22:33 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2014-12-23 22:33 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2014-12-23 22:33 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2014-12-23 22:33 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2014-12-23 22:33 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2014-12-23 22:33 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2014-12-23 22:33 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2014-12-23 22:33 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2014-12-23 22:33 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2014-12-23 22:33 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2014-12-23 22:33 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2014-12-23 22:33 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2014-12-23 22:33 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2014-12-23 22:33 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2014-12-23 22:33 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2014-12-23 22:33 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2014-12-23 22:33 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2014-12-23 22:33 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2014-12-23 22:33 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2014-12-23 22:33 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2014-12-23 22:33 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2014-12-23 22:33 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2014-12-23 22:33 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2014-12-23 22:33 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2014-12-23 22:33 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2014-12-23 22:33 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2014-12-23 22:33 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2014-12-23 22:33 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2014-12-23 22:33 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2014-12-23 22:33 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2014-12-23 22:33 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2014-12-23 22:33 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2014-12-23 22:33 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2014-12-23 22:33 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2014-12-23 22:33 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2014-12-23 22:33 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-12-23 22:33 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2014-12-23 22:33 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2014-12-23 22:33 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2014-12-23 22:33 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2014-12-23 22:33 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2014-12-23 22:33 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2014-12-23 22:33 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2014-12-23 22:33 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2014-12-23 22:33 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2014-12-23 22:33 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2014-12-23 22:33 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2014-12-23 22:33 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2014-12-23 22:32 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-12-23 22:32 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2014-12-23 22:32 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2014-12-23 22:32 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2014-12-23 22:32 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2014-12-23 22:32 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2014-12-23 22:32 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2014-12-23 22:32 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2014-12-23 22:32 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2014-12-23 22:32 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2014-12-23 22:32 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2014-12-23 22:32 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2014-12-23 22:32 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2014-12-23 22:32 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2014-12-23 22:32 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2014-12-23 22:32 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2014-12-23 22:32 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2014-12-23 22:32 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2014-12-23 22:32 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2014-12-23 22:32 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2014-12-23 22:32 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2014-12-23 22:32 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2014-12-23 22:32 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2014-12-23 22:32 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2014-12-23 22:32 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-12-23 22:32 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2014-12-23 22:32 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-12-23 22:32 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2014-12-23 22:32 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-12-23 22:32 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2014-12-23 22:32 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2014-12-23 22:32 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2014-12-23 22:32 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-12-23 22:32 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2014-12-23 21:52 - 2015-01-05 21:34 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2014-12-23 21:52 - 2014-12-23 22:34 - 00000000 ____D () C:\Users\Nils\AppData\Local\PunkBuster 2014-12-23 21:31 - 2014-12-23 21:31 - 00000000 ____D () C:\Users\Nils\AppData\Local\ESN 2014-12-23 21:30 - 2014-12-23 21:31 - 01534736 _____ () C:\Users\Nils\Downloads\battlelog-web-plugins_2.6.2_154.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-20 14:00 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-20 14:00 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-20 13:58 - 2014-10-17 18:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Spotify 2015-01-20 13:53 - 2014-10-17 22:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-20 13:53 - 2014-10-17 18:23 - 00000000 ___RD () C:\Users\Nils\Dropbox 2015-01-20 13:53 - 2014-10-17 18:17 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Dropbox 2015-01-20 13:53 - 2014-10-16 14:54 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-20 13:51 - 2014-10-16 13:51 - 00176648 _____ () C:\Windows\PFRO.log 2015-01-20 13:51 - 2014-10-15 16:20 - 01982851 _____ () C:\Windows\WindowsUpdate.log 2015-01-20 13:51 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-20 13:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-20 13:51 - 2009-07-14 05:51 - 00067100 _____ () C:\Windows\setupact.log 2015-01-20 13:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding 2015-01-20 13:17 - 2014-10-16 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 21:13 - 2014-10-17 22:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-19 20:28 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-19 19:14 - 2014-10-17 16:04 - 00000000 ____D () C:\Windows\Minidump 2015-01-19 19:14 - 2014-10-17 15:56 - 631077084 _____ () C:\Windows\MEMORY.DMP 2015-01-19 18:48 - 2014-10-15 16:33 - 00000000 ____D () C:\Users\Nils 2015-01-19 18:33 - 2014-10-16 15:05 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Adobe 2015-01-19 18:33 - 2014-10-16 15:04 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe 2015-01-19 13:33 - 2014-10-17 16:46 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3805B21-4A53-440E-9497-24EDC29C2813} 2015-01-19 13:32 - 2014-10-17 18:33 - 00000000 ____D () C:\Users\Nils\AppData\Local\Spotify 2015-01-17 23:17 - 2014-10-17 13:41 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-01-17 21:24 - 2014-10-17 13:41 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-01-17 20:03 - 2014-10-17 11:22 - 00000000 ____D () C:\ProgramData\Origin 2015-01-17 20:03 - 2014-10-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-01-17 19:45 - 2014-12-20 19:42 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\.minecraft 2015-01-14 23:21 - 2014-10-16 13:38 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 23:16 - 2014-10-16 13:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-06 13:56 - 2014-10-17 11:35 - 00000000 ____D () C:\Users\Nils\Documents\Schule 2015-01-05 21:16 - 2014-10-17 13:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-01-05 21:15 - 2014-10-16 15:14 - 00132025 _____ () C:\Windows\DirectX.log 2015-01-05 20:17 - 2014-10-17 13:42 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-12-30 23:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-26 11:27 - 2009-09-21 13:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-12-26 11:27 - 2009-09-21 13:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-12-26 11:27 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-23 22:28 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-23 21:52 - 2014-10-17 11:36 - 00000000 ____D () C:\Users\Nils\Documents\Battlefield 4 2014-12-23 21:49 - 2014-10-17 11:22 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-12-23 21:22 - 2014-10-17 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin ==================== Files in the root of some directories ======= 2014-10-16 14:31 - 2014-10-16 14:31 - 0000017 _____ () C:\Users\Nils\AppData\Local\resmon.resmoncfg Some content of TEMP: ==================== C:\Users\Nils\AppData\Local\Temp\avgnt.exe C:\Users\Nils\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppuqatr.dll C:\Users\Nils\AppData\Local\Temp\Quarantine.exe C:\Users\Nils\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 21:03 ==================== End Of Log ============================ |
|
20.01.2015, 19:32
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: Ständig Pop-Ups/Werbung im BrowserESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Windows 7: Ständig Pop-Ups/Werbung im Browser |
|
20.01.2015, 21:48
| #7 |
| | Windows 7: Ständig Pop-Ups/Werbung im Browser Ok habe eine Festplatte angeschlossen (benutze ich nicht alleine, mein Bruder hat auch ein paar Sachen von sich drauf gespeichert), denke aber nicht das da was drauf ist was das Problem verursacht haben kann, habe die auch schon vor Auftreten des Problems benutzt. (Falls das überhaupt der Grund für das anschließen war^^) Habe grade in beiden Browsern 2/3 Minuten rumgeklickt und es scheint als wär alles verschwunden Naja hier die Logs: Eset Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=409cb14fedbd6d47965cccc33fae260b
# engine=22061
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-20 08:24:27
# local_time=2015-01-20 09:24:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 10898 10230007 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7797499 173415317 0 0
# scanned=193374
# found=2
# cleaned=0
# scan_time=5188
sh=A03317C45DC4213D04318116D10727928F970565 ft=1 fh=b9e5742b7b527a54 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nils\Downloads\Notepad - CHIP-Installer.exe"
sh=C097F050A0703DB5F4329ACA0B7E5E67BEBD12F6 ft=1 fh=b5ff431dc0df0d92 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nils\Downloads\OpenOffice - CHIP-Installer.exe"
FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Nils (administrator) on NILS-PC on 20-01-2015 21:39:19 Running from C:\Users\Nils\Desktop\Pop-up Problem Loaded Profiles: Nils (Available profiles: Nils) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Spotify Ltd) C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (Dropbox, Inc.) C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Spotify Ltd) C:\Users\Nils\AppData\Roaming\Spotify\spotify.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Nils\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated) HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-19] (Valve Corporation) HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Run: [Spotify] => C:\Users\Nils\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-10] (Spotify Ltd) HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Run: [Spotify Web Helper] => C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe () Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Nils\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1006047746-618158759-4133308658-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1006047746-618158759-4133308658-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\abs@avira.com [2014-12-11] FF Extension: Download videos and MP3s from YouTube - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-17] FF Extension: NoScript - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-20] FF Extension: Adblock Plus - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16] FF Extension: Adblock Edge - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\if4lhdw6.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-10-16] FF HKU\S-1-5-21-1006047746-618158759-4133308658-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-17] Chrome: ======= CHR StartupUrls: Default -> "hxxp://csgo.99damage.de/de/start", "hxxp://csgolounge.com/" CHR Profile: C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17] CHR Extension: (Google Docs) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17] CHR Extension: (Google Drive) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17] CHR Extension: (YouTube) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17] CHR Extension: (Google-Suche) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17] CHR Extension: (Lounge Assistant) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2014-11-06] CHR Extension: (Google Tabellen) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17] CHR Extension: (Avira Browserschutz) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-17] CHR Extension: (Google Wallet) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-17] CHR Extension: (Google Mail) - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-05] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-05] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-20 21:34 - 2015-01-20 21:34 - 00852504 _____ () C:\Users\Nils\Desktop\SecurityCheck.exe 2015-01-20 19:55 - 2015-01-20 19:55 - 02347384 _____ (ESET) C:\Users\Nils\Desktop\esetsmartinstaller_deu.exe 2015-01-20 13:57 - 2015-01-20 13:57 - 00000000 ____D () C:\Windows\ERUNT 2015-01-20 13:48 - 2015-01-20 13:53 - 00000000 ____D () C:\AdwCleaner 2015-01-20 13:28 - 2015-01-20 20:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-20 13:27 - 2015-01-20 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-20 13:27 - 2015-01-20 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-20 13:27 - 2015-01-20 13:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-20 13:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-20 13:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-20 13:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-19 20:41 - 2015-01-19 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-19 20:21 - 2015-01-19 20:32 - 00000000 ____D () C:\Qoobox 2015-01-19 20:21 - 2015-01-19 20:31 - 00000000 ____D () C:\Windows\erdnt 2015-01-19 20:21 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-19 20:21 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-19 20:21 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-19 20:21 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-19 20:16 - 2015-01-19 20:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-19 20:07 - 2015-01-20 21:39 - 00000000 ____D () C:\Users\Nils\Desktop\Pop-up Problem 2015-01-19 19:32 - 2015-01-19 19:32 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieUserList 2015-01-19 19:32 - 2015-01-19 19:32 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieSiteList 2015-01-19 19:32 - 2015-01-19 19:32 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieBrowserModeList 2015-01-19 19:14 - 2015-01-19 19:14 - 00457048 _____ () C:\Windows\Minidump\011915-26660-01.dmp 2015-01-19 18:50 - 2015-01-20 21:39 - 00000000 ____D () C:\FRST 2015-01-19 18:48 - 2015-01-19 18:48 - 00000000 _____ () C:\Users\Nils\defogger_reenable 2015-01-19 18:24 - 2015-01-19 18:32 - 00000000 ____D () C:\Program Files\KMSpico 2015-01-19 17:04 - 2015-01-19 17:04 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Publish Providers 2015-01-19 17:00 - 2015-01-19 17:00 - 00006058 _____ () C:\Windows\system32\--traceoff 2015-01-19 17:00 - 2015-01-19 17:00 - 00000000 _____ () C:\Windows\system32\--debugoff 2015-01-19 16:59 - 2015-01-19 17:03 - 00000000 ____D () C:\Users\Nils\AppData\Local\Sony 2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\ProgramData\Sony 2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\Program Files\Sony 2015-01-19 16:59 - 2015-01-19 16:59 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-01-19 16:58 - 2015-01-19 17:03 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Sony 2015-01-19 16:47 - 2015-01-19 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-19 16:47 - 2015-01-19 16:47 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-01-19 16:46 - 2015-01-19 19:23 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-17 21:09 - 2015-01-17 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-16 19:25 - 2015-01-16 19:25 - 00821953 _____ () C:\Users\Nils\Downloads\Infinite-Cube-Map.zip 2015-01-14 19:15 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 19:15 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 19:15 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 19:15 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 19:15 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 19:15 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 19:15 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 19:15 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 19:15 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 19:15 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 19:15 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 19:15 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 19:15 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-05 21:32 - 2015-01-05 21:33 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-01-05 20:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2015-01-05 20:17 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2015-01-05 20:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2015-01-05 20:17 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2015-01-01 20:10 - 2015-01-01 20:10 - 00000000 ____D () C:\ProgramData\EA Core 2014-12-25 23:29 - 2014-12-25 23:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Notepad++ 2014-12-25 23:29 - 2014-12-25 23:29 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-12-25 23:29 - 2014-12-25 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-12-25 23:29 - 2014-12-25 23:29 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-12-25 23:28 - 2014-12-25 23:28 - 01174352 _____ () C:\Users\Nils\Downloads\Notepad - CHIP-Installer.exe 2014-12-24 22:37 - 2014-12-28 18:41 - 00000000 ____D () C:\Users\Nils\AppData\Local\SteelSeries Engine 3 Client 2014-12-24 22:37 - 2014-12-24 22:37 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries 2014-12-24 22:37 - 2014-12-24 22:37 - 00000000 ____D () C:\Users\admin 2014-12-24 22:36 - 2014-12-24 22:36 - 00005196 _____ () C:\Windows\DPINST.LOG 2014-12-24 22:36 - 2014-12-24 22:36 - 00000000 ____D () C:\ProgramData\SteelSeries 2014-12-24 22:36 - 2014-12-24 22:36 - 00000000 ____D () C:\Program Files\SteelSeries 2014-12-24 22:35 - 2014-12-24 22:36 - 58227312 _____ () C:\Users\Nils\Downloads\SteelSeriesEngine_3.3.1Setup.exe 2014-12-23 22:34 - 2014-12-23 22:44 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-12-23 22:34 - 2014-12-23 22:43 - 00000000 ____D () C:\Users\Nils\Documents\BFBC2 2014-12-23 22:33 - 2014-12-23 22:34 - 02434856 _____ () C:\Windows\SysWOW64\pbsvc_bc2.exe 2014-12-23 22:33 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-12-23 22:33 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-12-23 22:33 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2014-12-23 22:33 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2014-12-23 22:33 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-12-23 22:33 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2014-12-23 22:33 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2014-12-23 22:33 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-12-23 22:33 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-12-23 22:33 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-12-23 22:33 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2014-12-23 22:33 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-12-23 22:33 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2014-12-23 22:33 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-12-23 22:33 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-12-23 22:33 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2014-12-23 22:33 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2014-12-23 22:33 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2014-12-23 22:33 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2014-12-23 22:33 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2014-12-23 22:33 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2014-12-23 22:33 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2014-12-23 22:33 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2014-12-23 22:33 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2014-12-23 22:33 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2014-12-23 22:33 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2014-12-23 22:33 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2014-12-23 22:33 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2014-12-23 22:33 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2014-12-23 22:33 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2014-12-23 22:33 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2014-12-23 22:33 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2014-12-23 22:33 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2014-12-23 22:33 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2014-12-23 22:33 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2014-12-23 22:33 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2014-12-23 22:33 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2014-12-23 22:33 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2014-12-23 22:33 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2014-12-23 22:33 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2014-12-23 22:33 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2014-12-23 22:33 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2014-12-23 22:33 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2014-12-23 22:33 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2014-12-23 22:33 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2014-12-23 22:33 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2014-12-23 22:33 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2014-12-23 22:33 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2014-12-23 22:33 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2014-12-23 22:33 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2014-12-23 22:33 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2014-12-23 22:33 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2014-12-23 22:33 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2014-12-23 22:33 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2014-12-23 22:33 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-12-23 22:33 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2014-12-23 22:33 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2014-12-23 22:33 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2014-12-23 22:33 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2014-12-23 22:33 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2014-12-23 22:33 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2014-12-23 22:33 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2014-12-23 22:33 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2014-12-23 22:33 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2014-12-23 22:33 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2014-12-23 22:33 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2014-12-23 22:33 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2014-12-23 22:32 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-12-23 22:32 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2014-12-23 22:32 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2014-12-23 22:32 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2014-12-23 22:32 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2014-12-23 22:32 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2014-12-23 22:32 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2014-12-23 22:32 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2014-12-23 22:32 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2014-12-23 22:32 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2014-12-23 22:32 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2014-12-23 22:32 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2014-12-23 22:32 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2014-12-23 22:32 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2014-12-23 22:32 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2014-12-23 22:32 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2014-12-23 22:32 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2014-12-23 22:32 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2014-12-23 22:32 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2014-12-23 22:32 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2014-12-23 22:32 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2014-12-23 22:32 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2014-12-23 22:32 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2014-12-23 22:32 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2014-12-23 22:32 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-12-23 22:32 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2014-12-23 22:32 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-12-23 22:32 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2014-12-23 22:32 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-12-23 22:32 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2014-12-23 22:32 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2014-12-23 22:32 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2014-12-23 22:32 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-12-23 22:32 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2014-12-23 21:52 - 2015-01-05 21:34 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2014-12-23 21:52 - 2014-12-23 22:34 - 00000000 ____D () C:\Users\Nils\AppData\Local\PunkBuster 2014-12-23 21:31 - 2014-12-23 21:31 - 00000000 ____D () C:\Users\Nils\AppData\Local\ESN 2014-12-23 21:30 - 2014-12-23 21:31 - 01534736 _____ () C:\Users\Nils\Downloads\battlelog-web-plugins_2.6.2_154.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-20 21:13 - 2014-10-17 22:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-20 20:01 - 2014-10-17 18:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Spotify 2015-01-20 19:57 - 2009-09-21 13:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2015-01-20 19:57 - 2009-09-21 13:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2015-01-20 19:57 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-20 19:41 - 2014-10-15 16:20 - 01996884 _____ () C:\Windows\WindowsUpdate.log 2015-01-20 18:58 - 2014-10-16 15:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-20 18:58 - 2014-10-16 15:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-20 18:58 - 2014-10-16 15:04 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe 2015-01-20 18:31 - 2014-10-17 18:33 - 00000000 ____D () C:\Users\Nils\AppData\Local\Spotify 2015-01-20 17:13 - 2014-10-17 22:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-20 16:18 - 2009-07-14 05:51 - 00067156 _____ () C:\Windows\setupact.log 2015-01-20 16:17 - 2014-11-17 20:42 - 00000000 ____D () C:\Users\Nils\AppData\Local\Windows Live 2015-01-20 16:10 - 2014-10-17 16:46 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3805B21-4A53-440E-9497-24EDC29C2813} 2015-01-20 14:00 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-20 14:00 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-20 13:53 - 2014-10-17 18:23 - 00000000 ___RD () C:\Users\Nils\Dropbox 2015-01-20 13:53 - 2014-10-17 18:17 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Dropbox 2015-01-20 13:53 - 2014-10-16 14:54 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-20 13:51 - 2014-10-16 13:51 - 00176648 _____ () C:\Windows\PFRO.log 2015-01-20 13:51 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-20 13:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-20 13:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding 2015-01-20 13:17 - 2014-10-16 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 20:28 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-19 19:14 - 2014-10-17 16:04 - 00000000 ____D () C:\Windows\Minidump 2015-01-19 19:14 - 2014-10-17 15:56 - 631077084 _____ () C:\Windows\MEMORY.DMP 2015-01-19 18:48 - 2014-10-15 16:33 - 00000000 ____D () C:\Users\Nils 2015-01-19 18:33 - 2014-10-16 15:05 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Adobe 2015-01-17 23:17 - 2014-10-17 13:41 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-01-17 21:24 - 2014-10-17 13:41 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-01-17 20:03 - 2014-10-17 11:22 - 00000000 ____D () C:\ProgramData\Origin 2015-01-17 20:03 - 2014-10-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-01-17 19:45 - 2014-12-20 19:42 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\.minecraft 2015-01-14 23:21 - 2014-10-16 13:38 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 23:16 - 2014-10-16 13:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-06 13:56 - 2014-10-17 11:35 - 00000000 ____D () C:\Users\Nils\Documents\Schule 2015-01-05 21:16 - 2014-10-17 13:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-01-05 21:15 - 2014-10-16 15:14 - 00132025 _____ () C:\Windows\DirectX.log 2015-01-05 20:17 - 2014-10-17 13:42 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-12-30 23:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-23 22:28 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-23 21:52 - 2014-10-17 11:36 - 00000000 ____D () C:\Users\Nils\Documents\Battlefield 4 2014-12-23 21:49 - 2014-10-17 11:22 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-12-23 21:22 - 2014-10-17 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin ==================== Files in the root of some directories ======= 2014-10-16 14:31 - 2014-10-16 14:31 - 0000017 _____ () C:\Users\Nils\AppData\Local\resmon.resmoncfg Some content of TEMP: ==================== C:\Users\Nils\AppData\Local\Temp\avgnt.exe C:\Users\Nils\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppuqatr.dll C:\Users\Nils\AppData\Local\Temp\Quarantine.exe C:\Users\Nils\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 21:03 ==================== End Of Log ============================ --- --- --- |
|
21.01.2015, 11:23
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: Ständig Pop-Ups/Werbung im Browser Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Nils\Downloads\Notepad - CHIP-Installer.exe
C:\Users\Nils\Downloads\OpenOffice - CHIP-Installer.exe
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.01.2015, 18:00
| #9 |
| | Windows 7: Ständig Pop-Ups/Werbung im Browser Habe noch ein kleines Problem, ich kann combofix nicht per "Windowstaste + R > Combofix /Uninstall" deinstallieren und wenn ich die datei umbennen und sie starte führt sie sich ganz normal aus und macht das was sie beim ersten mal auch gemacht hat ^^. Edit: ok hat sich erledigt, ich mache noch eben den Rest von der Liste und melde mich dann noch mal Hier aber die Fixlist: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Nils at 2015-01-21 16:52:07 Run:1
Running from C:\Users\Nils\Desktop\Pop-up Problem
Loaded Profiles: Nils (Available profiles: Nils)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Nils\Downloads\Notepad - CHIP-Installer.exe
C:\Users\Nils\Downloads\OpenOffice - CHIP-Installer.exe
Emptytemp:
*****************
C:\Users\Nils\Downloads\Notepad - CHIP-Installer.exe => Moved successfully.
C:\Users\Nils\Downloads\OpenOffice - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 968.7 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:52:22 ====
Ich habe auch keine weiteren Fragen Geändert von Nils+ (21.01.2015 um 17:36 Uhr) |
|
21.01.2015, 22:01
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: Ständig Pop-Ups/Werbung im Browser Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: Ständig Pop-Ups/Werbung im Browser |
| adware, antivirus, avira, browser, chrome, cpu, desktop, dvdvideosoft ltd., efix pro, festplatte, firefox, flash player, helper, hängen, iexplore.exe, internet, internet explorer, mozilla, pop-ups, problem, scan, security, server, software, svchost.exe, system, usb, werbung, windows |
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
