|
Pests of all kinds and how to combat them: Ask.fm Like-Bot virus. Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
05.02.2015, 13:56 | #1 |
| Ask.fm Like-Bot virus. Hello, yesterday I downloaded an Ask.fm like bot, which turns out to be a virus... I don't know how to remove it. Yesterday there was also an alert about a worm... that one no longer appears, only the spygen one... hmm, please help me... |
05.02.2015, 14:01 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ask.fm Like-Bot virus. Hello and
__________________
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything? I'm asking because of => http://www.trojaner-board.de/125889-...tml#post941520
Please don't run any new virus scans; first just post the logs you already have in CODE tags! Only logs from the last 7 days, or from the time since the problem began, are relevant!
In addition, please create a log with Farbar's tool:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly, spread across several posts if necessary. To put the log files into a CODE box, proceed as follows:
__________________ |
05.02.2015, 16:22 | #3 |
| Ask.fm Like-Bot virus. I have AntiVir from Avira, how do I do it there
__________________Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01 Ran by Baris at 2015-02-05 14:06:38 Running from C:\Users\Saturn\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) 
Hidden Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated) Acer Games (HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated) Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated) Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. 
KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-X64 11.6.24.203_WHQL (HKLM\...\Elantech) (Version: 11.6.24.203 - ELAN Microelectronic Corp.) Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.8.2.5 - SCS Software) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FileZilla Client 3.7.4.1 (HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) 
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.) 
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team) NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Office Addin 
(HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden Pokki (HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\Pokki) (Version: 0.266.1.172 - Pokki) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.19 - Qualcomm Atheros Inc.) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.57 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer) V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Southstarco) <==== ATTENTION Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Saturn\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Saturn\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2520385442-11042346-106642047-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 20-01-2015 22:41:08 Removed LogMeIn Hamachi 22-01-2015 18:56:53 DirectX wurde installiert 01-02-2015 17:29:01 Installed Minecraft 04-02-2015 22:31:25 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1197D9F1-3D00-4001-95D2-F8C7C640B443} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated) Task: {184B0B00-D4E9-45C9-AC5A-56004E2021A2} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd) Task: {19D4148B-40A5-44B1-9CF4-8A1023409CA0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {252877D0-2958-404E-9071-F6173B1EE003} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2520385442-11042346-106642047-1002UA => C:\Users\Saturn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-05] (Facebook Inc.) 
Task: {4324E7FE-EC5D-4A55-A0A6-8B9BB72FD2AA} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation) Task: {5BB18426-E595-4EFC-8184-29F965D7AFF1} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {6286A344-F801-426C-BCC5-A5511054A020} - System32\Tasks\AdobeAAMUpdater-1.0-Acer-Baris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated) Task: {65AF9DF6-9031-45DA-8754-6210E738BAC5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2520385442-11042346-106642047-1002Core => C:\Users\Saturn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-05] (Facebook Inc.) Task: {7A5FEF87-C3AC-4E91-9D10-2F0FBB396912} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated) Task: {820954BD-8378-441A-B737-C11CED543E0C} - System32\Tasks\FF Watcher {098D5A1E-A914-499F-B2FC-78A445E626F9} => C:\Program Files\V-bates\PrefHelper.exe [2014-01-28] () <==== ATTENTION Task: {A2DB402D-C940-4872-8C0F-74BE59317A30} - System32\Tasks\FF Watcher {8053C1CD-5914-48EB-AAB1-802857E4487E} => C:\Program Files\V-bates\PrefHelper.exe [2014-01-28] () <==== ATTENTION Task: {ABA8B275-AE92-4B51-94FC-EF683B745EC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.) Task: {CA3A2CF0-9DDF-4591-AD45-C6842DA007E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.) 
Task: {D08AFE4E-3930-4FA1-88A6-91CF5308E184} - System32\Tasks\MySearchDial => C:\Users\Saturn\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {D4448A2A-243B-404C-B16F-5D65C6F709DB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] () Task: {F1635E5E-C33B-4EC4-98B5-6323D6A55788} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Saturn\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION Task: {FBD568BB-DAA1-4F8F-A14B-F1D139CFC7E8} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate) Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2520385442-11042346-106642047-1002Core.job => C:\Users\Saturn\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2520385442-11042346-106642047-1002UA.job => C:\Users\Saturn\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FF Watcher {098D5A1E-A914-499F-B2FC-78A445E626F9}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\FF Watcher {8053C1CD-5914-48EB-AAB1-802857E4487E}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\Saturn\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2014-09-03 15:55 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-05-31 11:53 - 2014-05-31 11:53 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-04-16 13:16 - 2014-01-28 13:06 
- 00209408 _____ () C:\Program Files\V-bates\ExtensionUpdaterService.exe 2013-05-31 00:23 - 2013-05-31 00:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-05-31 00:19 - 2013-05-31 00:19 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-05-31 00:53 - 2013-05-31 00:53 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-03-23 15:50 - 2014-03-23 15:50 - 00054696 _____ () C:\Program Files\Java\jre7\bin\prism-d3d.dll 2014-03-23 15:50 - 2014-03-23 15:50 - 00197544 _____ () C:\Program Files\Java\jre7\bin\glass.dll 2014-03-23 15:50 - 2014-03-23 15:50 - 00640424 _____ () C:\Program Files\Java\jre7\bin\libxml2.dll 2014-03-23 15:50 - 2014-03-23 15:50 - 00209832 _____ () C:\Program Files\Java\jre7\bin\libxslt.dll 2014-03-23 15:50 - 2014-03-23 15:50 - 14863784 _____ () C:\Program Files\Java\jre7\bin\jfxwebkit.dll 2014-03-23 15:50 - 2014-03-23 15:50 - 00319912 _____ () C:\Program Files\Java\jre7\bin\javafx-font.dll 2014-05-23 01:10 - 2014-05-23 01:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2013-09-05 18:08 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Saturn\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-18 13:13 - 2015-01-18 13:13 - 00043008 _____ () c:\users\saturn\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegwjgk.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 
00047616 _____ () C:\Users\Saturn\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Saturn\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Saturn\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2013-09-05 17:44 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-04-16 13:16 - 2014-01-28 13:06 - 00194560 _____ () C:\Program Files\V-bates\Extension32.dll 2014-09-03 15:12 - 2014-09-03 15:12 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2013-09-05 18:08 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2014-02-11 20:29 - 2014-02-11 20:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2015-02-04 09:20 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll 2015-02-04 09:20 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll 2015-02-04 09:20 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Saturn\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2520385442-11042346-106642047-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Saturn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\StartupApproved\Run: => "KiesPreload" HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\StartupApproved\Run: => "Clownfish" HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\StartupApproved\Run: => "EADM" ==================== Accounts: ============================= Administrator (S-1-5-21-2520385442-11042346-106642047-500 - Administrator - Disabled) ASPNET (S-1-5-21-2520385442-11042346-106642047-1003 - Limited - Enabled) Baris (S-1-5-21-2520385442-11042346-106642047-1002 - Administrator - Enabled) => C:\Users\Saturn Gast (S-1-5-21-2520385442-11042346-106642047-501 - Limited - Disabled) Gaste (S-1-5-21-2520385442-11042346-106642047-1006 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2520385442-11042346-106642047-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Bluetooth Audio Device Description: Bluetooth Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} 
Manufacturer: Qualcomm Atheros Communications Service: BTATH_A2DP Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Virtual Bluetooth Support (Include Audio) Description: Virtual Bluetooth Support (Include Audio) Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: AthBTPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth LWFLT Device Description: Bluetooth LWFLT Device Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: BTATH_LWFLT Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (02/05/2015 01:36:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: osk.exe, Version: 6.3.9600.17238, Zeitstempel: 0x53d0db93 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0d6c ID des fehlerhaften Prozesses: 0x2bb4 Startzeit der fehlerhaften Anwendung: 0xosk.exe0 Pfad der fehlerhaften Anwendung: osk.exe1 Pfad des fehlerhaften Moduls: osk.exe2 Berichtskennung: osk.exe3 Vollständiger Name des fehlerhaften Pakets: osk.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: osk.exe5 Error: (02/05/2015 01:00:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (02/05/2015 00:35:54 AM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: osk.exe, Version: 6.3.9600.17238, Zeitstempel: 0x53d0db93 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0d6c ID des fehlerhaften Prozesses: 0x15e8 Startzeit der fehlerhaften Anwendung: 0xosk.exe0 Pfad der fehlerhaften Anwendung: osk.exe1 Pfad des fehlerhaften Moduls: osk.exe2 Berichtskennung: osk.exe3 Vollständiger Name des fehlerhaften Pakets: osk.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: osk.exe5 Error: (02/04/2015 10:58:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm WWAHost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 45c Startzeit: 01d040c58cb3a079 Endzeit: 4294967295 Anwendungspfad: C:\Windows\System32\WWAHost.exe Berichts-ID: d4a82226-acb8-11e4-bf2c-48d224b58381 Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store Error: (02/04/2015 10:57:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer) Description: Bei der Aktivierung der App „winstore_cw5n1h2txyewy!Windows.Store“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/04/2015 10:57:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer) Description: Die App „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. 
Error: (02/04/2015 09:59:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 11.10.13.1, Zeitstempel: 0x52f202d0 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.9600.16384, Zeitstempel: 0x52158ff5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009948 ID des fehlerhaften Prozesses: 0xba0 Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0 Pfad der fehlerhaften Anwendung: NvBackend.exe1 Pfad des fehlerhaften Moduls: NvBackend.exe2 Berichtskennung: NvBackend.exe3 Vollständiger Name des fehlerhaften Pakets: NvBackend.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: NvBackend.exe5 Error: (02/04/2015 09:59:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 11.10.13.1, Zeitstempel: 0x52f202d0 Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 11.10.13.1, Zeitstempel: 0x52f20257 Ausnahmecode: 0xc00001a5 Fehleroffset: 0x000c9860 ID des fehlerhaften Prozesses: 0xba0 Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0 Pfad der fehlerhaften Anwendung: NvBackend.exe1 Pfad des fehlerhaften Moduls: NvBackend.exe2 Berichtskennung: NvBackend.exe3 Vollständiger Name des fehlerhaften Pakets: NvBackend.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: NvBackend.exe5 Error: (02/04/2015 09:41:10 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/04/2015 09:41:02 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
System errors: ============= Error: (02/04/2015 09:09:15 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/04/2015 09:08:45 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/03/2015 10:07:31 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/03/2015 10:07:01 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/03/2015 04:23:28 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/03/2015 04:22:57 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/03/2015 03:50:45 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/03/2015 03:50:14 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/03/2015 03:06:22 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/03/2015 03:05:52 PM) (Source: DCOM) (EventID: 10010) (User: Acer) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions: ========================= Error: (02/05/2015 01:36:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: osk.exe6.3.9600.1723853d0db93ntdll.dll6.3.9600.1727853eebd22c000037400000000000f0d6c2bb401d04137bf556edbC:\WINDOWS\System32\osk.exeC:\WINDOWS\SYSTEM32\ntdll.dll9f6ccc60-ad33-11e4-bf2c-48d224b58381 Error: (02/05/2015 01:00:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: -2147024883 Error: (02/05/2015 00:35:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
osk.exe6.3.9600.1723853d0db93ntdll.dll6.3.9600.1727853eebd22c000037400000000000f0d6c15e801d040c6f4ded416C:\WINDOWS\System32\osk.exeC:\WINDOWS\SYSTEM32\ntdll.dll8f40a5d8-acc6-11e4-bf2c-48d224b58381 Error: (02/04/2015 10:58:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: WWAHost.exe6.3.9600.1703145c01d040c58cb3a0794294967295C:\Windows\System32\WWAHost.exed4a82226-acb8-11e4-bf2c-48d224b58381winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store Error: (02/04/2015 10:57:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer) Description: winstore_cw5n1h2txyewy!Windows.Store-2144927142 Error: (02/04/2015 10:57:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer) Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store Error: (02/04/2015 09:59:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NvBackend.exe11.10.13.152f202d0msvcrt.dll7.0.9600.1638452158ff5c000000500009948ba001d03317b1acc81bC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\WINDOWS\SYSTEM32\msvcrt.dllb1806d3d-acb0-11e4-bf2c-48d224b58381 Error: (02/04/2015 09:59:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NvBackend.exe11.10.13.152f202d0nvspcap.dll_unloaded11.10.13.152f20257c00001a5000c9860ba001d03317b1acc81bC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dlla66b7669-acb0-11e4-bf2c-48d224b58381 Error: (02/04/2015 09:41:10 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Saturn\Downloads\esetsmartinstaller_deu.exe Error: (02/04/2015 09:41:02 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Saturn\Downloads\esetsmartinstaller_deu.exe

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 68%
Total physical RAM: 5962.27 MB
Available physical RAM: 1890.84 MB
Total Pagefile: 12106.27 MB
Available Pagefile: 5006.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:205.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Baris (administrator) on ACER on 05-02-2015 14:05:03
Running from C:\Users\Saturn\Downloads
Loaded Profiles: Baris (Available profiles: Baris)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.)
C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Program Files\V-bates\ExtensionUpdaterService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dropbox, Inc.) C:\Users\Saturn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\ARA.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\old_chrome.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\System32\SnippingTool.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\AtBroker.exe (Microsoft Corporation) C:\Windows\System32\osk.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-05-22] (ELAN Microelectronics Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [bdruninstaller] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"setupdownloader.exe" /args:"/token:antivirus /after_restart" Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Atheros Communications)) HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\Run: [Facebook Update] => C:\Users\Saturn\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-05] (Facebook Inc.) HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.) AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found AppInit_DLLs-x32: ,C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation) Startup: C:\Users\Saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Saturn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2520385442-11042346-106642047-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2520385442-11042346-106642047-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/ SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-2520385442-11042346-106642047-1002 -> DefaultScope {0CC70608-3DE2-4D03-AEDE-5D91F6801D57} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B010DE662D20140214&p={SearchTerms} SearchScopes: HKU\S-1-5-21-2520385442-11042346-106642047-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M6769CE4F-8330-4780-9C68-97A028AE197D&SearchSource=58&CUI=&UM=5&UP=SPB9CB065E-730C-41CD-8096-5A8A79996F5D&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2520385442-11042346-106642047-1002 -> {0CC70608-3DE2-4D03-AEDE-5D91F6801D57} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B010DE662D20140214&p={SearchTerms} SearchScopes: HKU\S-1-5-21-2520385442-11042346-106642047-1002 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1QzuyDyE0B0E0FyBtA0C0E0ByE0DzztAzyyEtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFzztN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0CtA0CyEtB0B0DtG0AtAtDyDtG0CyCtB0EtG0FtD0C0EtGtDyDtDyEzyyE0FtAyBtAtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCtD0E0AyCtByCtG0FzzyDzytGzztAzyyCtG0D0FzztAtGyBzy0DzzzztCzzyEyBtDyDyD2Q&cr=1041861193&ir= SearchScopes: HKU\S-1-5-21-2520385442-11042346-106642047-1002 -> {A3811F2A-F977-4933-A262-E9A9D7C948EE} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDyE0B0E0FyBtA0C0E0ByE0DzztAzyyEtN0D0Tzu0SzztAzytN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtBtB0A0FtA0DyDtGzy0EzztCtG0DyByB0AtGyDtC0E0FtGyD0A0B0FyDzy0CtA0B0CyE0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCtD0E0AyCtByCtG0FzzyDzytGzztAzyyCtG0D0FzztAtGyBzy0DzzzztCzzyEyBtDyDyD2Q&cr=1457698353&ir= SearchScopes: HKU\S-1-5-21-2520385442-11042346-106642047-1002 -> {F634ADD6-9242-435C-942D-FD491A4997F6} URL = BHO: V-bates -> {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} -> C:\Program Files\V-bates\Extension64.dll () BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: V-bates -> {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} -> C:\Program Files\V-bates\Extension32.dll () BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> No File Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - No Name - {3004627E-F8E9-4E8B-909D-316753CBA923} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1397650483&from=smt&uid=WDCXWD5000LPVX-22V0TT0_WD-WXC1A639720597205 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKU\S-1-5-21-2520385442-11042346-106642047-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Saturn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-2520385442-11042346-106642047-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2014-04-16] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-07-19] FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox Chrome: ======= CHR HomePage: Default -> 
hxxp://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1QzuyDyE0B0E0FyBtA0C0E0ByE0DzztAzyyEtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFzztN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0CtA0CyEtB0B0DtG0AtAtDyDtG0CyCtB0EtG0FtD0C0EtGtDyDtDyEzyyE0FtAyBtAtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCtD0E0AyCtByCtG0FzzyDzytGzztAzyyCtG0D0FzztAtGyBzy0DzzzztCzzyEyBtDyDyD2Q&cr=1041861193&ir= CHR StartupUrls: Default -> "hxxp://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1QzuyDyE0B0E0FyBtA0C0E0ByE0DzztAzyyEtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFzztN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0CtA0CyEtB0B0DtG0AtAtDyDtG0CyCtB0EtG0FtD0C0EtGtDyDtDyEzyyE0FtAyBtAtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCtD0E0AyCtByCtG0FzzyDzytGzztAzyyCtG0D0FzztAtGyBzy0DzzzztCzzyEyBtDyDyD2Q&cr=1041861193&ir=", "hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M6769CE4F-8330-4780-9C68-97A028AE197D&SearchSource=55&CUI=&UM=5&UP=SPB9CB065E-730C-41CD-8096-5A8A79996F5D&SSPV=", "hxxp://www.bing.com/?pc=U223", "hxxp://start.qone8.com/?type=hp&ts=1397650483&from=smt&uid=WDCXWD5000LPVX-22V0TT0_WD-WXC1A639720597205", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDyE0B0E0FyBtA0C0E0ByE0DzztAzyyEtN0D0Tzu0SzztAzytN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtBtB0A0FtA0DyDtGzy0EzztCtG0DyByB0AtGyDtC0E0FtGyD0A0B0FyDzy0CtA0B0CyE0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCtD0E0AyCtByCtG0FzzyDzytGzztAzyyCtG0D0FzztAtGyBzy0DzzzztCzzyEyBtDyDyD2Q&cr=1457698353&ir=" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - 
C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16] CHR Extension: (Google Drive) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16] CHR Extension: (Adblock Plus) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-24] CHR Extension: (Google-Suche) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16] CHR Extension: (Avast SafePrice) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-03] CHR Extension: (Avira SafeSearch) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffalmjohbhdhlkajphgkhloccibhmoog [2014-09-03] CHR Extension: (SiteAdvisor) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-16] CHR Extension: (Avira Browserschutz) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-24] CHR Extension: (AdBlock) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-24] CHR Extension: (Avast Online Security) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-24] CHR Extension: (WEB.DE MailCheck) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-10-11] CHR Extension: (Skype Click to 
Call) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-18] CHR Extension: (Google Wallet) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16] CHR Extension: (Battlefield Play4Free) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2014-03-31] CHR Extension: (Instagram for Chrome) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-04-24] CHR Extension: (Google Mail) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16] CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-16] CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Saturn\AppData\Local\speedial.crx [2014-04-19] CHR HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path CHR HKU\S-1-5-21-2520385442-11042346-106642047-1002\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Saturn\AppData\Local\speedial.crx [2014-04-19] CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-09-03] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Saturn\AppData\Local\speedial.crx [2014-04-19] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files 
(x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-18] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.) 
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate) R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [154320 2014-12-03] (McAfee, Inc.) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-05-31] () R2 V-bates Updater; C:\Program Files\V-bates\ExtensionUpdaterService.exe [209408 2014-01-28] () [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. 
KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-30] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 14:05 - 2015-02-05 14:06 - 00031959 _____ () C:\Users\Saturn\Downloads\FRST.txt 2015-02-05 14:04 - 2015-02-05 14:05 - 00000000 ____D () C:\FRST 2015-02-05 14:03 - 2015-02-05 14:03 - 02131968 _____ (Farbar) C:\Users\Saturn\Downloads\FRST64.exe 2015-02-05 00:13 - 2015-02-05 00:19 - 00000127 _____ () C:\Users\Saturn\Desktop\Neues Textdokument.txt 2015-02-04 23:00 - 2015-02-04 23:00 - 01191200 _____ () C:\Users\Saturn\Downloads\Windows 8 Setup Tool - CHIP-Installer.exe 2015-02-04 21:50 - 2015-02-04 21:50 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2015-02-04 21:48 - 2015-02-04 21:48 - 02867648 _____ () C:\Users\Saturn\Downloads\bitdefender_antivirus.exe 2015-02-04 21:41 - 2015-02-04 21:41 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-04 21:38 - 2015-02-04 21:38 - 02347384 _____ (ESET) C:\Users\Saturn\Downloads\esetsmartinstaller_deu.exe 2015-02-04 18:52 - 2015-02-04 18:52 - 10459409 _____ () C:\Users\Saturn\Desktop\trailer.mp4 2015-02-03 16:41 - 2015-02-03 16:41 - 00011524 _____ () C:\Users\Saturn\Downloads\Download.htm 2015-02-03 16:41 - 2015-02-03 16:41 - 00011524 _____ () C:\Users\Saturn\Downloads\Download (1).htm 2015-02-02 17:14 - 2015-02-02 17:14 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-02-01 23:31 - 2015-02-01 23:31 - 00016312 _____ () C:\Users\Saturn\Downloads\KitChooser_Source.rar 2015-02-01 21:45 - 2015-02-01 21:47 - 29826488 _____ (Wireshark development team) C:\Users\Saturn\Downloads\Wireshark-win64-1.12.3.exe 2015-02-01 19:18 - 2015-02-01 19:18 - 02314240 _____ () C:\Users\Saturn\Downloads\MinecraftInstaller (6).msi 2015-02-01 18:58 - 2015-02-01 18:58 - 02314240 _____ () C:\Users\Saturn\Downloads\MinecraftInstaller (5).msi 2015-02-01 18:46 - 2015-02-01 18:46 - 02314240 _____ () C:\Users\Saturn\Downloads\MinecraftInstaller (4).msi 2015-02-01 17:56 - 2015-02-01 17:56 - 02314240 _____ () C:\Users\Saturn\Downloads\MinecraftInstaller (3).msi 2015-02-01 17:29 - 2015-02-01 17:29 - 02314240 _____ () 
C:\Users\Saturn\Downloads\MinecraftInstaller (2).msi 2015-02-01 17:29 - 2015-02-01 17:29 - 02314240 _____ () C:\Users\Saturn\Downloads\MinecraftInstaller (1).msi 2015-02-01 17:28 - 2015-02-01 17:28 - 02314240 _____ () C:\Users\Saturn\Downloads\MinecraftInstaller.msi 2015-01-31 22:38 - 2015-01-31 22:38 - 00015565 _____ () C:\Users\Saturn\Downloads\KitChooser.jar 2015-01-31 16:35 - 2015-02-03 18:01 - 00000314 _____ () C:\Users\Saturn\Desktop\jd-gui.cfg 2015-01-31 01:47 - 2015-01-31 01:47 - 00096901 _____ () C:\Users\Saturn\Downloads\KingKits.jar 2015-01-31 01:36 - 2015-01-31 01:36 - 00139236 _____ () C:\Users\Saturn\Downloads\ServerSigns.jar 2015-01-31 01:36 - 2015-01-31 01:36 - 00039672 _____ () C:\Users\Saturn\Downloads\KingKitsSpecial-1.1.7.jar 2015-01-30 23:09 - 2015-01-30 23:10 - 00012325 _____ () C:\Users\Saturn\Downloads\Itemizer (6).jar 2015-01-30 23:09 - 2015-01-30 23:09 - 00008035 _____ () C:\Users\Saturn\Downloads\Itemizer (5).jar 2015-01-30 23:08 - 2015-01-30 23:08 - 00016557 _____ () C:\Users\Saturn\Downloads\Itemizer (4).jar 2015-01-30 23:07 - 2015-01-30 23:07 - 00015641 _____ () C:\Users\Saturn\Downloads\Itemizer (3).jar 2015-01-30 21:28 - 2015-01-30 21:28 - 00003234 _____ () C:\Users\Saturn\Downloads\cBans_v2.0.jar 2015-01-28 23:36 - 2015-01-28 23:36 - 00013496 _____ () C:\Users\Saturn\Downloads\SupportChat_Source.rar 2015-01-28 23:06 - 2015-01-28 23:06 - 00343172 _____ () C:\Users\Saturn\Downloads\HolographicDisplays.jar 2015-01-28 22:30 - 2015-01-28 22:30 - 02936397 _____ () C:\Users\Saturn\Downloads\forge-1.7.2-10.12.2.1147-installer.jar 2015-01-28 22:30 - 2015-01-28 22:30 - 00192564 _____ () C:\Users\Saturn\Downloads\ShadersModCore-v2.3.4-mc1.7.2-f1019.jar 2015-01-28 22:26 - 2015-01-28 22:26 - 00882551 _____ () C:\Users\Saturn\Downloads\OptiFine_1.7.2_HD_U_D4.jar 2015-01-28 22:24 - 2015-01-28 22:24 - 00221141 _____ () C:\Users\Saturn\Downloads\ShadersModCore-v2.3.30-mc1.7.2-f.jar 2015-01-28 20:34 - 2015-01-28 20:34 - 00000000 ____D () 
C:\Essentials 2015-01-28 18:00 - 2015-01-28 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-01-28 18:00 - 2015-01-28 18:00 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-01-27 23:02 - 2015-01-27 23:02 - 00000000 ____D () C:\Users\Saturn\Desktop\Neuer Ordner (3) 2015-01-27 22:44 - 2015-01-27 22:44 - 00022312 _____ () C:\Users\Saturn\Downloads\JCVaultListener-2.0.3.jar 2015-01-27 22:25 - 2015-01-27 22:26 - 00018694 _____ () C:\Users\Saturn\Downloads\Votifier.jar 2015-01-27 22:24 - 2015-01-27 22:24 - 00009292 _____ () C:\Users\Saturn\Downloads\GAListener (1).jar 2015-01-27 22:15 - 2015-01-27 22:15 - 00065222 _____ () C:\Users\Saturn\Downloads\GAListener.jar 2015-01-27 21:52 - 2015-01-27 21:52 - 00055594 _____ () C:\Users\Saturn\Downloads\CombatTag.jar 2015-01-27 21:52 - 2015-01-27 21:52 - 00023176 _____ () C:\Users\Saturn\Downloads\Votifier.rar 2015-01-27 17:27 - 2015-02-01 19:37 - 04000249 _____ () C:\Users\Saturn\Downloads\WinRAR-archive--neu-.rar 2015-01-27 13:20 - 2015-01-27 13:32 - 00012191 _____ () C:\Users\Saturn\Desktop\permissions.yml 2015-01-26 23:45 - 2015-01-26 23:45 - 00021457 _____ () C:\Users\Saturn\Downloads\ChatEssentials.jar 2015-01-26 22:59 - 2015-01-26 22:59 - 00011916 _____ () C:\Users\Saturn\Downloads\InfinityDispenser.jar 2015-01-26 22:44 - 2015-01-26 22:44 - 00015641 _____ () C:\Users\Saturn\Downloads\Itemizer (2).jar 2015-01-26 22:40 - 2015-01-26 22:40 - 00015607 _____ () C:\Users\Saturn\Downloads\Itemizer (1).jar 2015-01-26 22:39 - 2015-01-26 22:39 - 00019508 _____ () C:\Users\Saturn\Downloads\iDispenser.jar 2015-01-26 19:11 - 2015-01-30 21:26 - 00040570 _____ () C:\Users\Saturn\Desktop\bPCS.jar 2015-01-26 19:11 - 2015-01-26 19:11 - 00007068 _____ () C:\Users\Saturn\Desktop\bFrieden.jar 2015-01-26 18:45 - 2015-01-26 18:45 - 00017624 _____ () C:\Users\Saturn\Downloads\Itemizer.jar 2015-01-26 18:43 - 2015-01-26 18:43 - 00223996 _____ () C:\Users\Saturn\Downloads\Shopkeepers 
(11).jar 2015-01-26 18:42 - 2015-01-26 18:42 - 00107169 _____ () C:\Users\Saturn\Downloads\Shopkeepers (10).jar 2015-01-26 18:40 - 2015-01-26 18:40 - 00110363 _____ () C:\Users\Saturn\Downloads\Shopkeepers (9).jar 2015-01-26 18:35 - 2015-01-26 18:35 - 00135432 _____ () C:\Users\Saturn\Downloads\Shopkeepers (8).jar 2015-01-26 18:33 - 2015-01-26 18:33 - 00106133 _____ () C:\Users\Saturn\Downloads\Shopkeepers (7).jar 2015-01-26 18:32 - 2015-01-26 18:32 - 00103194 _____ () C:\Users\Saturn\Downloads\Shopkeepers (6).jar 2015-01-26 18:30 - 2015-01-26 18:30 - 00098442 _____ () C:\Users\Saturn\Downloads\Shopkeepers (5).jar 2015-01-26 18:29 - 2015-01-26 18:29 - 00088271 _____ () C:\Users\Saturn\Downloads\Shopkeepers (4).jar 2015-01-26 18:28 - 2015-01-26 18:28 - 00086700 _____ () C:\Users\Saturn\Downloads\Shopkeepers (3).jar 2015-01-26 18:27 - 2015-01-26 18:27 - 00258867 _____ () C:\Users\Saturn\Downloads\Shopkeepers (2).jar 2015-01-26 17:24 - 2015-01-26 17:24 - 00140404 _____ () C:\Users\Saturn\Downloads\Ultrabans.jar 2015-01-26 00:05 - 2015-01-26 00:05 - 00133575 _____ () C:\Users\Saturn\Downloads\Shopkeepers (1).jar 2015-01-25 23:57 - 2015-01-25 23:57 - 00258867 _____ () C:\Users\Saturn\Downloads\Shopkeepers.jar 2015-01-25 23:53 - 2015-01-25 23:53 - 00078233 _____ () C:\Users\Saturn\Downloads\ParticleMenu.jar 2015-01-25 23:44 - 2015-01-25 23:44 - 00081919 _____ () C:\Users\Saturn\Downloads\UltimateParticles.jar 2015-01-25 23:30 - 2015-01-25 23:30 - 00040682 _____ () C:\Users\Saturn\Downloads\TeleParticles.jar 2015-01-25 23:19 - 2015-01-25 23:19 - 00019889 _____ () C:\Users\Saturn\Downloads\PlayerParticles_v2.6.jar 2015-01-25 23:16 - 2015-01-25 23:16 - 00005428 _____ () C:\Users\Saturn\Downloads\DiscoArmour (1).jar 2015-01-25 21:21 - 2015-01-25 21:21 - 00012799 _____ () C:\Users\Saturn\Downloads\SupportChat.jar 2015-01-25 21:08 - 2015-01-25 21:08 - 07174418 _____ () C:\Users\Saturn\Downloads\Plugins 1.o0.rar 2015-01-22 19:00 - 2015-01-22 19:00 - 00002057 _____ () 
C:\Users\Public\Desktop\Microsoft LifeCam.lnk 2015-01-22 19:00 - 2015-01-22 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam 2015-01-22 18:58 - 2015-01-22 18:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam 2015-01-22 18:58 - 2015-01-22 18:58 - 00000000 ____D () C:\Program Files\Microsoft LifeCam 2015-01-22 18:54 - 2015-01-22 18:54 - 29546352 _____ (Microsoft Corporation) C:\Users\Saturn\Downloads\LifeCam3.22.exe 2015-01-21 23:37 - 2015-01-21 23:37 - 00532048 _____ () C:\Users\Saturn\Downloads\PermissionsEx (1).jar 2015-01-21 23:33 - 2015-01-21 23:33 - 00722603 _____ () C:\Users\Saturn\Downloads\PermissionsEx.jar 2015-01-21 23:31 - 2015-01-21 23:31 - 00990670 _____ () C:\Users\Saturn\Downloads\Essentials.zip 2015-01-21 22:51 - 2015-01-21 22:51 - 00027073 _____ () C:\Users\Saturn\Downloads\AdminShop.jar 2015-01-21 18:22 - 2015-01-21 18:23 - 07903505 _____ () C:\Users\Saturn\Downloads\minecraft_server.1.8.1.jar 2015-01-21 16:38 - 2015-01-21 16:38 - 00788580 _____ () C:\Users\Saturn\Downloads\jd-gui-0.3.6.windows.zip 2015-01-21 16:38 - 2013-11-03 22:19 - 00808448 _____ () C:\Users\Saturn\Desktop\jd-gui.exe 2015-01-20 22:47 - 2015-01-28 18:00 - 00000942 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2015-01-20 22:46 - 2015-01-20 22:46 - 08536064 _____ () C:\Users\Saturn\Downloads\hamachi291.msi 2015-01-20 22:38 - 2015-01-20 22:38 - 00006978 _____ () C:\Users\Saturn\Desktop\bFriede.zip 2015-01-20 22:37 - 2015-01-20 22:37 - 00000000 ____D () C:\Users\Saturn\Desktop\bFriede 2015-01-20 22:20 - 2015-02-01 19:37 - 00000000 ____D () C:\Users\Saturn\Desktop\PvP 2015-01-20 13:16 - 2015-01-20 13:16 - 00044296 ____H (LogMeIn Inc.) 
C:\WINDOWS\system32\Drivers\Hamdrv.sys 2015-01-18 21:21 - 2015-01-18 21:21 - 21311477 _____ () C:\Users\Saturn\Downloads\Offical Lays Texturepack.rar 2015-01-18 19:05 - 2015-01-18 19:05 - 00026671 _____ () C:\Users\Saturn\Downloads\WGRegionEffects.jar 2015-01-18 19:04 - 2015-01-18 19:04 - 00324043 _____ () C:\Users\Saturn\Downloads\worldguard-5.9.zip 2015-01-18 19:03 - 2015-01-18 19:03 - 00014110 _____ () C:\Users\Saturn\Downloads\ColoredSigns.jar 2015-01-18 18:46 - 2015-01-18 18:46 - 00723561 _____ () C:\Users\Saturn\Downloads\PermissionsEx-1.23.1.jar 2015-01-18 18:43 - 2015-01-18 18:43 - 00002818 _____ () C:\Users\Saturn\Downloads\Head.jar 2015-01-18 18:42 - 2015-01-18 18:43 - 00005428 _____ () C:\Users\Saturn\Downloads\DiscoArmour.jar 2015-01-18 16:26 - 2015-01-18 16:26 - 01055067 _____ () C:\Users\Saturn\Downloads\VBCABLEDriver_Pack42b.zip 2015-01-18 16:19 - 2015-01-18 16:20 - 10328598 _____ (Nullsoft, Inc.) C:\Users\Saturn\Downloads\winamp5666_full_en-us_redux.exe 2015-01-18 16:18 - 2015-01-18 16:20 - 00000991 _____ () C:\Users\Public\Desktop\Winamp.lnk 2015-01-18 16:18 - 2015-01-18 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2015-01-18 16:18 - 2015-01-18 16:18 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in 2015-01-18 16:18 - 2015-01-18 16:18 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect 2015-01-18 16:17 - 2015-01-27 13:32 - 00000000 ____D () C:\Users\Saturn\Desktop\Virtual Audio Cable 4.10 (Full) 2015-01-18 16:17 - 2015-01-18 16:27 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\Winamp 2015-01-18 16:17 - 2015-01-18 16:20 - 00000000 ____D () C:\Program Files (x86)\Winamp 2015-01-18 16:16 - 2015-01-18 16:17 - 17888872 _____ (Nullsoft, Inc.) 
C:\Users\Saturn\Downloads\winamp57_3444_beta_full_all.exe 2015-01-18 16:16 - 2015-01-18 16:16 - 00380841 _____ () C:\Users\Saturn\Downloads\Virtual Audio Cable 4.10 (Full).rar 2015-01-18 13:05 - 2015-01-18 13:06 - 10440843 _____ () C:\Users\Saturn\Downloads\Rewinside.zip 2015-01-18 12:56 - 2015-01-18 12:57 - 75591642 _____ () C:\Users\Saturn\Downloads\_____Ameno_Rewinside_____.mp4 2015-01-18 01:33 - 2015-01-18 01:33 - 00887784 _____ () C:\Users\Saturn\Downloads\OptiFine_1.8.1_HD_U_C1.jar 2015-01-18 01:33 - 2015-01-18 01:33 - 00818617 _____ () C:\Users\Saturn\Downloads\OptiFine_1.7.5_HD_U_D1 (1).jar 2015-01-18 01:33 - 2015-01-18 01:33 - 00792689 _____ () C:\Users\Saturn\Downloads\OptiFine_1.7.4_HD_D1.jar 2015-01-18 01:18 - 2015-01-18 01:18 - 00856122 _____ () C:\Users\Saturn\Downloads\OptiFine_1.7.2_HD_D4 (1).jar 2015-01-18 01:15 - 2015-01-18 01:15 - 00818889 _____ () C:\Users\Saturn\Downloads\OptiFine_1.7.4_HD_U_D1.jar 2015-01-18 01:12 - 2015-01-18 01:12 - 00814735 _____ () C:\Users\Saturn\Downloads\OptiFine_1.7.9_HD_U_D2.jar 2015-01-17 23:55 - 2015-01-18 00:02 - 34234741 _____ () C:\Users\Saturn\Downloads\Ameno_REMIX_Original_24_H_Mitschnitt_Rewinside__By_Mpire.mp4 2015-01-17 23:30 - 2015-01-17 23:30 - 00000000 ____D () C:\Users\Saturn\Documents\MAGIX_MusicEditor 2015-01-17 23:30 - 2015-01-17 23:30 - 00000000 ____D () C:\Users\Saturn\AppData\Local\Xara 2015-01-17 23:30 - 2015-01-17 23:30 - 00000000 ____D () C:\Users\Saturn\AppData\Local\Magix 2015-01-17 23:09 - 2015-02-01 15:40 - 00000000 ___RD () C:\Users\Saturn\Documents\MAGIX 2015-01-17 23:09 - 2015-02-01 15:40 - 00000000 ____D () C:\ProgramData\MAGIX 2015-01-17 23:09 - 2015-02-01 15:40 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2015-01-17 23:08 - 2015-01-17 23:08 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2015-01-17 21:50 - 2015-01-17 23:45 - 12577574 _____ () C:\Users\Saturn\Downloads\Magix Video Deluxe 2014 Premium.zip 2015-01-17 19:07 - 2015-01-17 19:07 - 00000000 ____D () 
C:\Users\Saturn\AppData\Local\DVDVideoSoft_Ltd 2015-01-17 18:40 - 2015-01-17 19:09 - 00000000 ____D () C:\Users\Saturn\AppData\Local\Opera Software 2015-01-17 18:34 - 2015-01-17 19:09 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-01-17 18:32 - 2015-01-17 18:32 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\TuneUp Software 2015-01-17 18:32 - 2015-01-17 18:32 - 00000000 ____D () C:\Users\Saturn\AppData\Local\TuneUp Software 2015-01-17 18:29 - 2015-01-17 18:41 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-01-17 18:29 - 2015-01-17 18:29 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-01-17 18:28 - 2015-01-17 19:11 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\DVDVideoSoft 2015-01-17 18:27 - 2015-01-17 18:27 - 20431920 _____ (DVDVideoSoft Ltd. ) C:\Users\Saturn\Downloads\FreeScreenVideoRecorder.exe 2015-01-17 15:36 - 2015-01-17 15:36 - 01568433 _____ () C:\Users\Saturn\Downloads\worldedit-bukkit-6.0.jar 2015-01-17 13:22 - 2015-01-17 13:22 - 00000000 _____ () C:\Users\Saturn\Desktop\01788064028.txt 2015-01-16 20:30 - 2015-01-16 20:31 - 00888174 _____ () C:\Users\Saturn\Downloads\OptiFine_1.8.1_HD_U_C3.jar 2015-01-16 18:44 - 2015-01-16 18:44 - 00320143 _____ () C:\Users\Saturn\Downloads\Multiverse-Inventories-2.5.jar 2015-01-16 18:43 - 2015-01-16 18:43 - 00325807 _____ () C:\Users\Saturn\Downloads\Multiverse-Core-2.4.jar 2015-01-16 18:43 - 2015-01-16 18:43 - 00081462 _____ () C:\Users\Saturn\Downloads\Multiverse-Portals-2.4.jar 2015-01-16 18:42 - 2015-01-18 19:05 - 00000000 ____D () C:\Users\Saturn\Desktop\Lobby 2015-01-16 18:40 - 2015-01-16 18:46 - 01989061 _____ () C:\Users\Saturn\Downloads\Server Lobby - by Pokemoon100.rar 2015-01-16 17:03 - 2015-01-16 17:03 - 15848603 _____ () C:\Users\Saturn\Downloads\ERA_-_Ameno.mp4 2015-01-16 13:06 - 2015-01-16 13:06 - 00050911 _____ () C:\Users\Saturn\Downloads\Lobby.schematic 2015-01-16 12:12 - 2015-01-16 12:16 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\.technic 
2015-01-15 23:17 - 2015-01-15 23:17 - 09433891 _____ () C:\Users\Saturn\Downloads\YouTube_Kacke_-_Ficky_Maus_treibt_unanstndige_Dinge.mp4 2015-01-15 23:15 - 2015-01-15 23:16 - 23668678 _____ () C:\Users\Saturn\Downloads\YouTube_poop_-_Tagesschau_am_17.05.2012.mp4 2015-01-15 23:02 - 2015-01-15 23:03 - 49289555 _____ () C:\Users\Saturn\Downloads\Lisa_Cat_feat._Elotrix.mp4 2015-01-15 22:59 - 2015-01-15 23:03 - 94816523 _____ () C:\Users\Saturn\Downloads\Lisa_Cat_feat.__ReaaznnSchubidu_und_Elotrix_2.mp4 2015-01-15 19:28 - 2015-01-15 19:17 - 22764208 ____N () C:\Users\Saturn\Desktop\TechnicLauncher.exe 2015-01-15 19:16 - 2015-01-15 19:17 - 22764208 _____ () C:\Users\Saturn\Downloads\TechnicLauncher.exe 2015-01-14 17:22 - 2015-01-14 17:29 - 21066924 _____ () C:\Users\Saturn\Downloads\ia.zip 2015-01-09 23:57 - 2015-01-19 17:49 - 00000000 ____D () C:\Users\Saturn\Desktop\Cloud Downloader 2.2 2015-01-09 23:55 - 2015-01-09 23:55 - 01174352 _____ () C:\Users\Saturn\Downloads\Cloud Downloader - CHIP-Installer.exe 2015-01-06 17:05 - 2015-01-06 17:41 - 69853406 _____ () C:\Users\Saturn\Downloads\Afrika-PvP v3 (schlechter PC).zip 2015-01-06 15:58 - 2015-01-06 15:58 - 38377191 _____ () C:\Users\Saturn\Downloads\BannerAWTemp.psd 2015-01-06 15:49 - 2015-01-06 15:49 - 00000000 ____D () C:\Users\Saturn\Desktop\Youtube Banner Template #6 By MX9 2015-01-06 15:48 - 2015-01-06 15:49 - 12612144 _____ () C:\Users\Saturn\Downloads\Youtube Banner Template #6 By MX9.rar 2015-01-06 05:37 - 2015-01-06 05:37 - 00233378 _____ () C:\Users\Saturn\Downloads\instant-dance-party-song.ogg 2015-01-06 05:18 - 2015-01-06 05:20 - 102983184 _____ () C:\Users\Saturn\Downloads\clrbrowser4_repack (1).zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 14:05 - 2014-02-16 10:47 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\Skype 2015-02-05 14:03 - 2005-10-14 05:59 - 00499308 ____H () C:\Users\Saturn\AppData\Roaming\Barislog.dat 2015-02-05 14:00 - 2014-04-19 01:00 - 00000304 _____ () C:\WINDOWS\Tasks\MySearchDial.job 2015-02-05 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-05 13:46 - 2014-04-16 13:16 - 00000302 _____ () C:\WINDOWS\Tasks\FF Watcher {098D5A1E-A914-499F-B2FC-78A445E626F9}.job 2015-02-05 13:46 - 2014-04-16 13:16 - 00000292 _____ () C:\WINDOWS\Tasks\FF Watcher {8053C1CD-5914-48EB-AAB1-802857E4487E}.job 2015-02-05 13:26 - 2014-05-18 18:43 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\.minecraft 2015-02-05 13:25 - 2014-06-30 12:12 - 01582909 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-05 12:42 - 2014-04-14 15:02 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{480E1AC6-271B-4B12-832F-DE9C401F80DB} 2015-02-04 23:53 - 2014-09-05 16:47 - 00000940 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2520385442-11042346-106642047-1002UA.job 2015-02-04 22:40 - 2014-02-16 10:27 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2520385442-11042346-106642047-1002 2015-02-04 21:27 - 2014-02-17 18:13 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\TS3Client 2015-02-04 17:53 - 2014-09-05 16:47 - 00000918 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2520385442-11042346-106642047-1002Core.job 2015-02-04 14:52 - 2014-06-30 12:12 - 00847872 ___SH () C:\Users\Saturn\Desktop\Thumbs.db 2015-02-04 14:19 - 2014-02-16 10:28 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-04 14:19 - 2014-02-16 10:28 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-04 14:19 - 2014-02-16 10:28 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-04 14:19 - 2014-02-16 10:28 - 00001124 _____ () 
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-04 12:10 - 2014-02-14 15:44 - 00000000 ____D () C:\Users\Saturn\AppData\Local\VirtualStore 2015-02-04 12:10 - 2013-07-19 10:52 - 00000000 ____D () C:\ProgramData\McAfee 2015-02-04 08:39 - 2014-02-16 10:53 - 00000000 ____D () C:\Users\Saturn\AppData\Local\Adobe 2015-02-04 00:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing 2015-02-03 21:05 - 2014-03-23 16:40 - 00000000 ____D () C:\Users\Saturn\AppData\Local\Eclipse 2015-02-02 18:24 - 2014-02-17 16:15 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\FileZilla 2015-02-02 17:15 - 2014-06-11 16:41 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-02 17:14 - 2014-02-16 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-02 17:14 - 2014-02-16 10:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-28 18:21 - 2014-04-16 07:48 - 03190784 ___SH () C:\Users\Saturn\Downloads\Thumbs.db 2015-01-28 18:16 - 2014-06-17 15:25 - 00000000 ____D () C:\Users\Saturn\Documents\Euro Truck Simulator 2 2015-01-28 18:00 - 2014-12-23 15:38 - 00000000 ____D () C:\Users\Saturn\AppData\Local\LogMeIn Hamachi 2015-01-25 21:22 - 2014-04-14 12:36 - 00000000 ___DO () C:\Users\Saturn\SkyDrive 2015-01-22 19:00 - 2014-09-03 15:24 - 00004445 _____ () C:\WINDOWS\setupact.log 2015-01-22 18:54 - 2013-11-14 08:27 - 01804092 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-22 18:54 - 2013-11-14 08:11 - 00775588 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-22 18:54 - 2013-11-14 08:11 - 00163774 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-21 22:55 - 2014-04-15 17:57 - 00000000 ____D () C:\Users\Saturn\Desktop\Spiele 2015-01-21 19:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-19 19:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-19 17:28 - 2014-12-30 00:35 - 00000000 ____D () C:\Users\Saturn\Desktop\Anne 2015-01-18 13:13 - 2014-09-05 19:32 - 00000000 ___RD () 
C:\Users\Saturn\Dropbox 2015-01-18 13:13 - 2014-09-03 15:53 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\Dropbox 2015-01-18 13:10 - 2014-03-15 17:30 - 00000336 _____ () C:\WINDOWS\Tasks\GlaryInitialize.job 2015-01-18 13:10 - 2013-07-19 10:52 - 00000000 ____D () C:\Program Files\mcafee 2015-01-18 13:10 - 2013-07-19 10:52 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2015-01-18 13:10 - 2013-07-19 10:52 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-01-18 13:09 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-18 13:09 - 2013-08-22 15:44 - 05137064 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-18 13:08 - 2014-07-04 14:48 - 00045166 _____ () C:\WINDOWS\PFRO.log 2015-01-18 00:04 - 2014-04-15 17:58 - 00000000 ____D () C:\Users\Saturn\Desktop\Handy 2015-01-17 21:19 - 2014-12-25 18:48 - 00000000 ____D () C:\Users\Saturn\Documents\Bandicam 2015-01-16 15:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-16 12:24 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2015-01-16 12:21 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-01-13 14:19 - 2015-01-03 07:27 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-06 16:05 - 2014-06-11 18:39 - 00001456 _____ () C:\Users\Saturn\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2015-01-06 06:22 - 2014-03-16 12:39 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\OBS 2015-01-06 05:25 - 2015-01-05 03:58 - 00000000 ____D () C:\Users\Saturn\Desktop\twitch plugins ==================== Files in the root of some directories ======= 2014-06-11 18:26 - 2014-12-28 17:35 - 0000132 _____ () C:\Users\Saturn\AppData\Roaming\Adobe IllExport-Filter CC - Voreinstellungen 2005-10-14 05:59 - 2015-02-05 14:03 - 0499308 ____H () C:\Users\Saturn\AppData\Roaming\Barislog.dat 2014-04-20 23:00 - 2014-04-20 23:00 - 0000047 _____ () C:\Users\Saturn\AppData\Roaming\WB.CFG 2014-06-11 18:39 - 2015-01-06 16:05 - 0001456 _____ () 
C:\Users\Saturn\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-02-21 14:15 - 2014-07-28 19:05 - 0003584 _____ () C:\Users\Saturn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-13 19:38 - 2014-04-13 19:38 - 0000094 _____ () C:\Users\Saturn\AppData\Local\fusioncache.dat 2014-05-20 15:22 - 2014-05-20 15:22 - 0002712 _____ () C:\Users\Saturn\AppData\Local\recently-used.xbel 2014-04-19 01:00 - 2014-04-19 01:00 - 0358193 _____ () C:\Users\Saturn\AppData\Local\speedial.crx 2014-05-28 16:55 - 2014-05-28 16:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Saturn\AppData\Local\Temp\0325281421407253mcinst.exe C:\Users\Saturn\AppData\Local\Temp\Ask-Fm-Autolike.exe C:\Users\Saturn\AppData\Local\Temp\AskFmApi.exe C:\Users\Saturn\AppData\Local\Temp\avgnt.exe C:\Users\Saturn\AppData\Local\Temp\bdfilters.dll C:\Users\Saturn\AppData\Local\Temp\drm_dyndata_7390006.dll C:\Users\Saturn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegwjgk.dll C:\Users\Saturn\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Saturn\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Saturn\AppData\Local\Temp\jansi-64-git-Spigot-1.7.2-R0.3-122-gb58e277.dll C:\Users\Saturn\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Saturn\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Saturn\AppData\Local\Temp\SkypeSetup.exe C:\Users\Saturn\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll C:\Users\Saturn\AppData\Local\Temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-02 15:29 ==================== End Of Log ============================ --- --- --- --- --- --- #push |
05.02.2015, 16:46 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ask.fm Like-Bot virus. An article was linked specifically for that
__________________ Please always post log files in CODE tags |
05.02.2015, 17:20 | #5 |
| Ask.fm Like-Bot virus. What do you mean? |
05.02.2015, 22:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ask.fm Like-Bot virus.
__________________ --> Ask.fm Like-Bot virus. |
06.02.2015, 18:31 | #7 |
| Ask.fm Like-Bot virus. After a restart with Malwarebytes it was deleted |
06.02.2015, 20:27 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ask.fm Like-Bot virus. Then please finally post the logs for it as well! It has been mentioned often enough.
__________________ Please always post log files in CODE tags |