Plagegeister aller Art und deren Bekämpfung: Adware, but only on one site (as far as I know). Windows 7

#1
Hi there,

I visit the website "www.imgur.com" every day in my Firefox browser, and I noticed something that looks rather bad.

That was definitely not there before. I haven't installed any program recently. The only thing I did was transfer old Windows files to an external hard drive. I doubt that was the cause, but it's worth mentioning.

Anyway, after seeing this, I had a look around. This message appears only on Imgur, nowhere else (as far as I know, anyway). YouTube, Steam, reddit, 4chan etc. are all clean and show no such messages.

So I quickly ran my antivirus: nothing found. Malwarebytes? Nothing found. Adware cleaner? Nope. None of the programs finds anything. I even reset Firefox and it is still there. It is not shown in Safari/Chrome. "AdChoices" was not among the installed programs either.

Help?
#2
/// Winkelfunktion /// TB-Süch-Tiger™

Hi,

Reinstalling the Firefox browser usually does nothing at all for problems like this, because the ad parasites lodge themselves in the browser profile, which the Firefox setup does not change.

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop:
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too big for one post, I ask you to post the logs directly, spread over several posts if necessary. To put the log files in a CODE box, proceed as follows:
#3

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015 Ran by Dr.Kawaii Fluury (administrator) on COMPUTER-PC on 06-02-2015 15:46:41 Running from C:\Users\Dr.Kawaii Fluury\Desktop Loaded Profiles: Dr.Kawaii Fluury (Available profiles: computer & Dr.Kawaii Fluury) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Windows\System32\atwtusb.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE () C:\Windows\System32\atwtusb.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe () C:\Windows\System32\AtwtusbIcon.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe () C:\Program Files\puush\puush.exe (Akamai Technologies, Inc.) C:\Users\Dr.Kawaii Fluury\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
C:\Users\Dr.Kawaii Fluury\AppData\Local\Akamai\netsession_win.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.) 
HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [2963456 2012-09-10] () HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2874048 2015-02-06] (Valve Corporation) HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Run: [puush] => C:\Program Files\puush\puush.exe [567880 2014-07-25] () HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Run: [Akamai NetSession Interface] => C:\Users\Dr.Kawaii Fluury\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.) HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\MountPoints2: {19918c29-09a0-11e3-8fb3-001fd0287db9} - E:\Startme.exe Startup: C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2811185551-369326641-1495617965-1003 -> {63A15237-F99C-44D3-99EF-7B6550E5C57D} URL = hxxp://www.mysearchresults.com/search?c=2355&t=01&q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files\Clover\TabHelper32.dll (EJIE Technology) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Mozilla\Firefox\Profiles\fzxt57os.default-1423167299117 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: AdBlock for Firefox - C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Mozilla\Firefox\Profiles\fzxt57os.default-1423167299117\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-05] FF Extension: Personas Plus - C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Mozilla\Firefox\Profiles\fzxt57os.default-1423167299117\Extensions\personas@christopher.beard.xpi [2015-02-05] FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2015-01-27] FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2015-01-27] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-27] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-27] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-01-27] Chrome: ======= CHR Profile: C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-30] CHR Extension: (Google Docs) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29] CHR Extension: (Google Drive) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-30] CHR Extension: (YouTube) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29] CHR Extension: (Google-Suche) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29] CHR Extension: (Google Tabellen) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-30] CHR Extension: (Avira Browser Safety) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-30] CHR Extension: (AdBlock) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-30] CHR Extension: (Google Wallet) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29] CHR Extension: (Google Mail) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-10-08] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. 
KG) S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [182304 2015-01-17] (EasyAntiCheat Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2015-01-16] (NVIDIA Corporation) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1845096 2015-01-20] (LogMeIn Inc.) R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2013-10-25] (Hi-Rez Studios) [File not signed] S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-28] (IObit) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-01-14] (LogMeIn, Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed] S3 npggsvc; C:\Windows\system32\GameMon.des [3101376 2014-12-15] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775816 2015-01-16] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed] R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) 
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R2 WTService; C:\Windows\system32\atwtusb.exe [535552 2012-10-19] () [File not signed] S2 MainLSyncHost; c:\windows\system32\mpk\lsynchost.exe /startedbyscm:E4233B4F-40E3FE91-MPKService [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 apf004; C:\Windows\system32\apf004.sys [15112 2014-04-22] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG) S3 cpuz137; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [26856 2014-02-17] (CPUID) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-05-01] (Eugene V. Muzychenko) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard) S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy) [File not signed] R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18760 2015-01-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider) S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X] S3 XDva403; \??\C:\Windows\system32\XDva403.sys [X] S3 XDva406; \??\C:\Windows\system32\XDva406.sys [X] S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 15:46 - 2015-02-06 15:47 - 00019212 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\FRST.txt 2015-02-06 06:30 - 2015-02-06 15:46 - 00000000 ____D () C:\FRST 2015-02-06 06:30 - 2015-02-06 06:30 - 01123328 _____ (Farbar) C:\Users\Dr.Kawaii Fluury\Desktop\FRST.exe 2015-02-05 22:16 - 2015-02-05 22:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dr.Kawaii Fluury\Downloads\revosetup.exe 2015-02-05 22:16 - 2015-02-05 22:16 - 00001222 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\Revo Uninstaller.lnk 2015-02-05 06:19 - 2015-02-05 06:19 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Local\Steam 2015-02-02 12:10 - 2015-02-02 12:11 - 06175244 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\dem bugs.mp4 2015-02-02 11:56 - 2015-02-02 11:58 - 544818824 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\nuclearthrone 2015-02-02 11-56-17-81.avi 2015-02-02 11:00 - 2015-02-02 11:00 - 01185351 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\7CZby9V.webm 2015-01-31 18:45 - 2015-01-31 18:45 - 00021721 _____ () C:\Users\Dr.Kawaii Fluury\AppData\Local\recently-used.xbel 2015-01-30 18:09 - 2015-01-30 18:09 - 123779265 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\th145东方深秘录体验版[已打1.01补丁](C87).rar 2015-01-30 16:27 - 2015-02-05 21:05 - 00457936 _____ () C:\Windows\PFRO.log 2015-01-29 14:53 - 2015-01-29 15:15 - 99500292 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\Gun Locker.wav 2015-01-29 14:53 - 2015-01-29 15:09 - 67737692 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\mus107 looped.wav 2015-01-29 14:22 - 2015-01-29 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-01-29 14:22 - 2015-01-29 14:22 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi 2015-01-28 06:24 - 2015-02-06 15:05 - 00626570 _____ () C:\Windows\WindowsUpdate.log 2015-01-28 06:19 - 2015-02-06 13:26 - 00003080 _____ () C:\Windows\setupact.log 2015-01-28 06:19 - 2015-01-28 06:19 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-27 17:50 - 2015-01-27 17:50 - 00000000 ____D () 
C:\Users\computer\Desktop\Paul 2015-01-27 17:42 - 2015-01-27 17:42 - 00000000 ____D () C:\Users\computer\AppData\Local\Clover 2015-01-27 14:59 - 2015-01-09 23:25 - 00621200 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2015-01-27 14:56 - 2015-01-13 05:15 - 00161424 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys 2015-01-27 14:56 - 2015-01-13 05:15 - 00027280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 24765584 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 20465296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 10774728 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 10714304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 08465224 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-01-27 14:56 - 2015-01-10 03:43 - 03245712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 01047880 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234725.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00929424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00911504 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234725.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00906568 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00877304 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00399504 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00345744 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00305320 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll 2015-01-27 
14:56 - 2015-01-10 03:43 - 00164752 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll 2015-01-27 14:50 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys 2015-01-27 14:40 - 2015-01-27 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek 2015-01-27 14:40 - 2011-09-16 08:12 - 00027752 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtVlan620.sys 2015-01-27 14:40 - 2011-06-15 14:11 - 00050280 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtTeam60.sys 2015-01-27 14:40 - 2011-06-15 14:11 - 00027648 _____ (Realtek ) C:\Windows\system32\Drivers\RtNdPt60.sys 2015-01-27 14:39 - 2015-01-27 14:39 - 00000000 ____D () C:\Program Files\Intel 2015-01-27 14:39 - 2010-03-02 09:04 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll 2015-01-27 14:38 - 2015-01-27 14:40 - 00000000 ____D () C:\Program Files\Realtek 2015-01-27 14:38 - 2011-09-29 10:30 - 00490088 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys 2015-01-27 14:38 - 2011-09-29 10:30 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll 2015-01-27 14:38 - 2011-09-29 10:30 - 00080416 _____ () C:\Windows\system32\RtNicProp32.dll 2015-01-27 07:37 - 2015-01-27 07:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-26 20:00 - 2015-01-26 20:00 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Documents\TacticalIntervention 2015-01-19 16:48 - 2015-01-21 21:20 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin 2015-01-17 22:30 - 2015-01-17 22:30 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\.mono 2015-01-17 22:30 - 2015-01-17 22:28 - 00182304 _____ (EasyAntiCheat Ltd) C:\Windows\system32\EasyAntiCheat.exe 2015-01-17 21:26 - 2014-12-15 08:20 - 03101376 _____ (INCA Internet Co., Ltd.) 
C:\Windows\system32\GameMon.des 2015-01-14 06:37 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 06:37 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 06:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-14 06:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 06:37 - 2014-12-11 18:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 06:37 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-06 13:34 - 2013-02-27 10:15 - 00000000 ____D () C:\Program Files\Steam 2015-02-06 13:34 - 2013-02-27 10:15 - 00000000 ____D () C:\Program Files\Common Files\Steam 2015-02-06 13:34 - 2009-07-14 05:34 - 00019568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 13:34 - 2009-07-14 05:34 - 00019568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 13:33 - 2013-04-01 18:45 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Local\LogMeIn Hamachi 2015-02-06 13:27 - 2009-07-14 03:04 - 00000418 _____ () C:\Windows\win.ini 2015-02-06 13:26 - 2013-12-07 19:36 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-05 22:26 - 2013-05-29 21:29 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\IrfanView 2015-02-05 22:16 - 2014-12-19 23:44 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-02-05 21:23 - 2013-02-26 18:06 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Programme 2015-02-05 21:03 - 2014-04-21 18:01 - 00000000 ____D () C:\AdwCleaner 2015-02-05 20:51 - 2013-02-26 18:05 - 00000000 ____D 
() C:\Users\Dr.Kawaii Fluury
2015-02-05 20:13 - 2014-08-16 16:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 07:20 - 2013-02-25 18:50 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 07:17 - 2013-07-07 14:42 - 00000000 ____D () C:\Users\computer\AppData\Local\LogMeIn Hamachi
2015-02-03 13:31 - 2014-11-18 13:39 - 00002193 _____ () C:\Users\computer\Desktop\Google Chrome.lnk
2015-02-03 06:18 - 2014-03-28 19:15 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-02 14:22 - 2013-05-30 15:34 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\vlc
2015-02-01 10:52 - 2014-05-14 18:49 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Local\nuclearthrone
2015-01-31 19:25 - 2013-04-30 18:33 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\.gimp-2.8
2015-01-31 18:37 - 2013-03-10 07:10 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Sonstiges
2015-01-30 11:33 - 2013-04-01 14:04 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Audacity
2015-01-28 23:10 - 2013-02-26 21:16 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Skype
2015-01-27 21:00 - 2013-02-25 18:27 - 00000000 ____D () C:\M
2015-01-27 15:45 - 2014-08-06 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2015-01-27 15:26 - 2013-05-07 16:16 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Musik
2015-01-27 15:23 - 2013-09-08 19:58 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Wubwub
2015-01-27 15:03 - 2014-01-04 22:40 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Reactions
2015-01-27 15:03 - 2012-05-11 13:30 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Bilder
2015-01-27 15:00 - 2013-12-07 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-27 14:40 - 2013-09-05 15:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-27 14:28 - 2013-07-02 15:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 07:22 - 2014-02-12 07:11 - 00000000 ____D () C:\Users\computer\AppData\Local\NVIDIA
2015-01-27 07:21 - 2014-02-12 07:41 - 00000000 ____D () C:\Users\computer\AppData\Local\NVIDIA Corporation
2015-01-25 09:49 - 2013-02-27 08:12 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 09:49 - 2013-02-27 08:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 09:49 - 2013-02-27 08:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 09:38 - 2014-09-20 09:06 - 00000000 ___RD () C:\Program Files\Skype
2015-01-24 09:38 - 2013-02-26 21:02 - 00000000 ____D () C:\ProgramData\Skype
2015-01-21 21:16 - 2013-11-09 19:59 - 00000000 ____D () C:\AeriaGames
2015-01-16 07:41 - 2014-06-02 20:04 - 01316184 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2015-01-16 07:41 - 2013-12-07 19:50 - 01278920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2015-01-14 20:39 - 2013-05-01 11:55 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\foobar2000
2015-01-14 11:32 - 2013-04-01 18:45 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-14 07:24 - 2013-07-14 22:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 07:19 - 2013-02-28 17:43 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:15 - 2014-01-08 17:43 - 00908608 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2015-01-10 03:43 - 2013-12-07 19:35 - 00060560 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-01-10 03:43 - 2013-12-07 19:34 - 16009120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-01-10 03:43 - 2013-12-07 19:34 - 14116136 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-01-10 03:43 - 2013-12-07 19:33 - 02902272 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-01-10 03:43 - 2013-02-25 23:22 - 00022594 _____ () C:\Windows\system32\nvinfo.pb
2015-01-09 23:58 - 2013-12-07 19:30 - 04404040 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-09 23:58 - 2013-12-07 19:30 - 03057808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-01-09 23:58 - 2013-12-07 19:30 - 02554184 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-09 23:58 - 2013-12-07 19:30 - 00670352 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 23:58 - 2013-12-07 19:30 - 00374928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-09 23:58 - 2013-12-07 19:30 - 00061584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 18:46 - 2013-12-07 19:30 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2014-09-01 20:18 - 2014-12-01 22:12 - 0000139 _____ () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\licecap.ini
2014-06-19 10:12 - 2014-06-19 10:12 - 0000024 _____ () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\temp.ini
2015-01-31 18:45 - 2015-01-31 18:45 - 0021721 _____ () C:\Users\Dr.Kawaii Fluury\AppData\Local\recently-used.xbel
2013-08-30 16:35 - 2013-07-01 16:36 - 0000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Windows\Tasks\{169360A7-9E4F-4B10-9796-2739573A11EE}.job

Some content of TEMP:
====================
C:\Users\computer\AppData\Local\Temp\AskSLib.dll
C:\Users\computer\AppData\Local\Temp\avgnt.exe
C:\Users\computer\AppData\Local\Temp\uninst1.exe
C:\Users\Dr.Kawaii Fluury\AppData\Local\Temp\avgnt.exe
C:\Users\Dr.Kawaii Fluury\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Dr.Kawaii Fluury\AppData\Local\Temp\Quarantine.exe
C:\Users\Dr.Kawaii Fluury\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-09-02 14:53

==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015
Ran by Dr.Kawaii Fluury at 2015-02-06 15:48:12
Running from C:\Users\Dr.Kawaii Fluury\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\uTorrent) (Version: - BitTorrent Inc.)
100% Orange Juice (HKLM\...\Steam App 282800) (Version: - Orange_Juice)
32 Bit HP CIO Components Installer (Version: 4.1.1 - Hewlett-Packard) Hidden
AbiWord 2.9.4 (HKLM\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Ace of Spades (HKLM\...\Steam App 224540) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: - Apple Inc.)
Artweaver 1.0 (HKLM\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: - Avira)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version: - The Behemoth)
Besiege (HKLM\...\Steam App 346010) (Version: - Spiderling Studios)
BleachBit (HKLM\...\BleachBit) (Version: 1.6 - BleachBit)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Championsheep Rally (HKLM\...\Championsheep Rally) (Version: - Frogster Interactive Pictures)
Clover 3.0 (HKLM\...\Clover) (Version: 3.0 - EJIE Technology)
Codename Gordon (HKLM\...\Steam App 92) (Version: - Nuclear Vision)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
Crypt of the NecroDancer (HKLM\...\Steam App 247080) (Version: - Brace Yourself Games)
Cube World version 0.0.1 (HKLM\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS™ II (HKLM\...\Steam App 236430) (Version: - FromSoftware, Inc)
Don't Starve (HKLM\...\Steam App 219740) (Version: - )
Don't Starve Together Beta (HKLM\...\Steam App 322330) (Version: - Klei Entertainment)
Dungeon of the Endless (HKLM\...\Steam App 249050) (Version: - AMPLITUDE Studios)
Elsword (HKLM\...\Steam App 237310) (Version: - KOG)
Eryi's Action (HKLM\...\Steam App 261700) (Version: - Xtal Sword)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Fist of Jesus (HKLM\...\Steam App 321110) (Version: - Mutant Games)
foobar2000 v1.2 (HKLM\...\foobar2000) (Version: 1.2 - Peter Pawlowski)
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM\...\Fraps) (Version: - )
Free Image Convert and Resize version (HKLM\...\Free Image Convert and Resize_is1) (Version: - DVDVideoSoft Ltd.)
Free Video Dub version (HKLM\...\Free Video Dub_is1) (Version: - DVDVideoSoft Ltd.)
Free Video to Flash Converter version (HKLM\...\Free Video to Flash Converter_is1) (Version: - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
Fusion's Chao Editor (HKLM\...\{BAAA4018-E873-49E4-B971-AA4E84D7A4CB}) (Version: 2.0 - Fusion)
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version: - Greenheart Games)
GameMaker: Studio (HKLM\...\Steam App 214850) (Version: - YoYo Games Ltd.)
GameRanger (HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\GameRanger) (Version: - GameRanger Technologies)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Team Garry)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
GIF Viewer 3.0 (HKLM\...\GIF Viewer) (Version: 3.0 - Stefan Wobbe)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Goat Simulator (HKLM\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: - Google Inc.) Hidden
Gunpoint (HKLM\...\Steam App 206190) (Version: - Suspicious Developments)
Half-Life Dedicated Server Update Tool (HKLM\...\Half-Life Dedicated Server Update Tool) (Version: - )
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: - Hi-Rez Studios)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: - IObit)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Karos (HKLM\...\Steam App 337410) (Version: - Galaxy Gate)
Kill Fun Yeah (HKLM\...\Steam App 301360) (Version: - Arctic Anteater)
Killing Floor (HKLM\...\Steam App 1250) (Version: - Tripwire Interactive)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Legend of Dungeon (HKLM\...\Steam App 238280) (Version: - )
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: - LogMeIn, Inc.)
LogMeIn Hamachi (Version: - LogMeIn, Inc.) Hidden
Lost Saga EU (HKLM\...\LostSagaEU) (Version: - IO Entertainment Co., Ltd.)
Magic 2015 (HKLM\...\Steam App 255420) (Version: - Stainless Games)
Magicite (HKLM\...\Steam App 268750) (Version: - SmashGames)
Malwarebytes Anti-Malware Version (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation)
McDROID (HKLM\...\Steam App 252970) (Version: - Elefantopia)
MediaCoder (HKLM\...\MediaCoder) (Version: - Mediatronic)
Metal Slug 3 (HKLM\...\Steam App 250180) (Version: - DotEmu)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Momodora III (HKLM\...\Steam App 302790) (Version: - rdein)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mumble 1.2.8 (HKLM\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
Nidhogg (HKLM\...\Steam App 94400) (Version: - Messhof)
Nosgoth (HKLM\...\Steam App 200110) (Version: - Psyonix)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5 - Notepad++ Team)
Nuclear Throne (HKLM\...\Steam App 242680) (Version: - Vlambeer)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Paint XP version 1.1 (HKLM\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.1 - MSPAINTXP.COM)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF4819}) (Version: 4.0.3 - dotPDN LLC)
PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version: - CPUID)
Plague Inc: Evolved (HKLM\...\Steam App 246620) (Version: - Ndemic Creations)
Portal 2 Publishing Tool (HKLM\...\Steam App 644) (Version: - )
puush (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: - Dean Herbert)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: - Apple Inc.)
Rayman 3 (HKLM\...\{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}) (Version: 1.00.000 - )
rayman2 (HKLM\...\rayman2) (Version: - )
Realm of the Mad God (HKLM\...\Steam App 200210) (Version: - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Risk of Rain (HKLM\...\Steam App 248820) (Version: - )
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: - Apple Inc.)
School of Dragons: How to Train Your Dragon (HKLM\...\Steam App 332070) (Version: - JumpStart Games, Inc.)
Scratch (HKLM\...\Scratch) (Version: - MIT Media Lab Lifelong Kindergarten Group)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sir, You Are Being Hunted (HKLM\...\Steam App 242880) (Version: - Big Robot Ltd)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Sonic Adventure DX (HKLM\...\Steam App 71250) (Version: - SEGA)
Sonic Adventure™ 2 (HKLM\...\Steam App 213610) (Version: - SEGA)
Source Filmmaker (HKLM\...\Steam App 1840) (Version: - )
Source SDK (HKLM\...\Steam App 211) (Version: - Valve)
Spelunky (HKLM\...\Steam App 239350) (Version: - )
Spiral Knights (HKLM\...\Steam App 99900) (Version: - Three Rings)
Spore (HKLM\...\Steam App 17390) (Version: - Maxis™)
Spore: Creepy & Cute Parts Pack (HKLM\...\Steam App 17440) (Version: - Maxis™)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Starbound (HKLM\...\Steam App 211820) (Version: - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: - Valve Corporation)
Steam Trading Card Beta Access (HKLM\...\Steam App 202352) (Version: - )
Super Amazing Wagon Adventure (HKLM\...\Steam App 250500) (Version: - sparsevector)
Super Crate Box (HKLM\...\Steam App 212800) (Version: - Vlambeer)
Super Time Force Ultra (HKLM\...\Steam App 250700) (Version: - Capybara Games)
Tactical Intervention (HKLM\...\Steam App 51100) (Version: - FIX Korea, Co.LTD)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - )
TEXTools (HKLM\...\TEXTools) (Version: - )
The Binding of Isaac (HKLM\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Long Dark (HKLM\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
The Stanley Parable (HKLM\...\Steam App 221910) (Version: - Galactic Cafe)
Trust tablet driver (HKLM\...\RmTablet) (Version: 5.01 - )
Unturned (HKLM\...\Steam App 304930) (Version: - Nelson Sexton)
Uplay (HKLM\...\Uplay) (Version: 4.4 - Ubisoft)
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM\...\Steam App 260230) (Version: - Ubisoft Montpellier)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VTFEdit 1.2.5 (HKLM\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg)
Wakfu (HKLM\...\Steam App 215080) (Version: - Ankama)
War of the Human Tanks (HKLM\...\Steam App 263400) (Version: - Yakiniku Banzai)
WG Screensaver Creator 1.0 (HKLM\...\{E0BE7153-5B7D-4214-9F2A-50EF466C27F7}) (Version: 1.0.0 - Web Grafitti)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yet Another Zombie Defense (HKLM\...\Steam App 270550) (Version: - Awesome Games Studio)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

05-02-2015 22:22:59 Revo Uninstaller's restore point - IrfanView (remove only)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-02-08 14:31 - 2014-11-11 14:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2846072A-E0DD-4860-8C0A-1ACAAC461398} - System32\Tasks\{2F2F6436-443C-4DB6-BE51-B0A05CD0E50D} => Firefox.exe hxxp://ui.skype.com/ui/0/
Task: {3D86D8B5-B2E7-4224-A57C-5EF91E971F0D} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: {5C7B9C8C-4306-40B2-AC0A-3B4F415015D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {80589642-0FE5-4660-AE43-1922C9C2F8FE} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {8E80CBDE-57F1-4D6B-98FD-98D729DC56B4} - System32\Tasks\{ACE734F7-4BA5-42AA-A811-622FB7F5F719} => C:\Users\Dr.Kawaii Fluury\Desktop\Touhou\12.8 妖精大戦争\Touhou 12.8 aka Baka Wars.exe
Task: {A6FF3643-AE70-4C75-BADB-270DB796C7D9} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {AD458812-6927-499A-88C0-9DE4DAD71FD4} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {BA7BE60D-EBDA-4CD4-9548-C8D12BFD4381} - System32\Tasks\{73690E4B-8398-4ECC-8671-78C0B5E288C1} => C:\Users\Dr.Kawaii Fluury\Desktop\Touhou\12.8 妖精大戦争\Touhou 12.8 aka Baka Wars.exe
Task: {D62E7E9D-9435-4A8A-96E6-AF110899D171} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
Task: {ECD8E911-2D8D-4638-A34C-B9A2769EE151} - System32\Tasks\SmartDefragUpdate => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
Task: {F99FDABE-39FA-4DE5-8AE3-CCC5A10D73C5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cff420bbf7836b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d000d6e515c56d.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\{169360A7-9E4F-4B10-9796-2739573A11EE}.job => c:\program files\mozilla firefox\firefox.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-07 19:30 - 2015-01-09 23:58 - 00107848 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-06-09 21:01 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-09 21:01 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-09 21:01 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-22 17:53 - 2012-10-19 10:05 - 00535552 _____ () C:\Windows\system32\atwtusb.exe
2014-06-09 21:01 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-09 21:01 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-22 17:53 - 2012-09-10 12:53 - 02963456 _____ () C:\Windows\System32\AtwtusbIcon.exe
2012-01-10 13:41 - 2014-07-25 13:47 - 00567880 _____ () C:\Program Files\puush\puush.exe
2014-08-28 23:36 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-28 23:36 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-28 23:36 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-28 23:36 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
2014-12-02 22:54 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll
2014-12-02 22:54 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll
2014-12-02 22:54 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll
2014-05-21 19:51 - 2015-02-06 02:17 - 02357952 _____ () C:\Program Files\Steam\video.dll
2014-08-28 23:36 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2013-02-25 07:39 - 2015-02-06 02:16 - 00701632 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2013-02-19 11:48 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll
2015-01-27 07:37 - 2015-01-27 07:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-14 19:13 - 2015-01-28 02:30 - 01709960 _____ () C:\Program Files\Steam\bin\ffmpegsumo.dll
2015-01-25 09:49 - 2015-01-25 09:49 - 16844976 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4F78E2F6

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2811185551-369326641-1495617965-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2811185551-369326641-1495617965-500 - Administrator - Disabled)
computer (S-1-5-21-2811185551-369326641-1495617965-1000 - Administrator - Enabled) => C:\Users\computer
Dr.Kawaii Fluury (S-1-5-21-2811185551-369326641-1495617965-1003 - Administrator - Enabled) => C:\Users\Dr.Kawaii Fluury
Gast (S-1-5-21-2811185551-369326641-1495617965-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 10:22:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {71938a1f-9c2d-494e-9299-efd926c02ad1}

Error: (02/04/2015 07:19:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version:, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version:, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1010 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3

Error: (02/04/2015 02:19:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version:, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version:, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x430 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3

Error: (02/01/2015 09:38:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: starbound.exe, Version:, Zeitstempel: 0x5f34535f Name des fehlerhaften Moduls: starbound.exe, Version:, Zeitstempel: 0x5f34535f Ausnahmecode: 0x40000015 Fehleroffset: 0x00501689 ID des fehlerhaften Prozesses: 0x1fb0 Startzeit der fehlerhaften Anwendung: 0xstarbound.exe0 Pfad der fehlerhaften Anwendung: starbound.exe1 Pfad des fehlerhaften Moduls: starbound.exe2 Berichtskennung: starbound.exe3

Error: (01/31/2015 06:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: TabHelper32.dll_unloaded, Version:, Zeitstempel: 0x52e0f866 Ausnahmecode: 0xc0000005 Fehleroffset: 0x5f016682 ID des fehlerhaften Prozesses: 0x132c Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3

Error: (01/31/2015 02:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: starbound.exe, Version:, Zeitstempel: 0xc0300000 Name des fehlerhaften Moduls: starbound.exe, Version:, Zeitstempel: 0xc0300000 Ausnahmecode: 0x40000015 Fehleroffset: 0x00500049 ID des fehlerhaften Prozesses: 0x630 Startzeit der fehlerhaften Anwendung: 0xstarbound.exe0 Pfad der fehlerhaften Anwendung: starbound.exe1 Pfad des fehlerhaften Moduls: starbound.exe2 Berichtskennung: starbound.exe3

Error: (01/31/2015 02:26:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: starbound.exe, Version:, Zeitstempel: 0xc0300000 Name des fehlerhaften Moduls: starbound.exe, Version:, Zeitstempel: 0xc0300000 Ausnahmecode: 0x40000015 Fehleroffset: 0x007b543d ID des fehlerhaften Prozesses: 0xfc4 Startzeit der fehlerhaften Anwendung: 0xstarbound.exe0 Pfad der fehlerhaften Anwendung: starbound.exe1 Pfad des fehlerhaften Moduls: starbound.exe2 Berichtskennung: starbound.exe3

Error: (01/31/2015 01:34:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version:, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version:, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1028 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3

Error: (01/30/2015 06:25:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version:, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version:, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x568 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3

Error: (01/27/2015 03:21:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

System errors:
=============
Error: (02/06/2015 01:34:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (02/06/2015 01:34:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (02/06/2015 01:28:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Virtueller Datenträger" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (02/06/2015 01:28:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Virtueller Datenträger erreicht.
Error: (02/06/2015 01:28:02 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053vds{7D1933CB-86F6-4A98-8628-01BE94C9A575} Error: (02/06/2015 01:27:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: %%14 Error: (02/06/2015 01:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (02/06/2015 01:27:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (02/06/2015 01:26:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Local Synchronization Host" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/06/2015 07:16:33 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Microsoft Office Sessions: ========================= Error: (02/05/2015 10:22:53 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {71938a1f-9c2d-494e-9299-efd926c02ad1} Error: (02/04/2015 07:19:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425101001d0407d4a61e315C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll57f5d758-ac9a-11e4-889f-001fd0287db9 Error: (02/04/2015 02:19:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142543001d0407adc0f040bC:\Program Files\Mozilla 
Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll73878c9e-ac70-11e4-889f-001fd0287db9 Error: (02/01/2015 09:38:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: starbound.exe0.9.0.05f34535fstarbound.exe0.9.0.05f34535f40000015005016891fb001d03e59bd10e62fC:\Program Files\Steam\steamapps\common\Starbound\win32\starbound.exeC:\Program Files\Steam\steamapps\common\Starbound\win32\starbound.exe559fa1b6-aa52-11e4-8add-001fd0287db9 Error: (01/31/2015 06:42:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.1.7601.175674d6727a7TabHelper32.dll_unloaded0.0.0.052e0f866c00000055f016682132c01d03d7d4e8d9216C:\Windows\explorer.exeTabHelper32.dll902fdfa7-a970-11e4-888f-001fd0287db9 Error: (01/31/2015 02:27:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: starbound.exe0.9.0.0c0300000starbound.exe0.9.0.0c0300000400000150050004963001d03d598a6e2218C:\Program Files\Steam\steamapps\common\Starbound\win32\starbound.exeC:\Program Files\Steam\steamapps\common\Starbound\win32\starbound.exed6b5338f-a94c-11e4-888f-001fd0287db9 Error: (01/31/2015 02:26:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: starbound.exe0.9.0.0c0300000starbound.exe0.9.0.0c030000040000015007b543dfc401d03d560873e7b3C:\Program Files\Steam\steamapps\common\Starbound\win32\starbound.exeC:\Program Files\Steam\steamapps\common\Starbound\win32\starbound.exec7992eac-a94c-11e4-888f-001fd0287db9 Error: (01/31/2015 01:34:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425102801d03d39e429210aC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll76fefe8a-a945-11e4-888f-001fd0287db9 Error: (01/30/2015 06:25:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142556801d03ca94649d6c8C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllfedd96d6-a8a4-11e4-a3da-001fd0287db9 Error: (01/27/2015 03:21:41 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Users\Dr.Kawaii Fluury\Desktop\Programme\x64\VTFEdit.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 65% Total physical RAM: 2046.3 MB Available physical RAM: 715.21 MB Total Pagefile: 4092.61 MB Available Pagefile: 1512.55 MB Total Virtual: 2047.88 MB Available Virtual: 1916.48 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.16 GB) (Free:100.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 38.3 GB) (Disk ID: 1D2B1D2A) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E4E4E4E4) Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
![]() | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove adware/junkware/toolbars. Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop! Please disable your virus scanner completely now, before using these tools! Step 1: adwCleaner. Please download ![]()
Step 2: JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: ![]() (If you are not sure: download both versions, or look it up under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
![]() | #5 |
| AdwCleaner Logfile: Code:
```
# AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 22:35:53
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)
# Benutzername : Dr.Kawaii Fluury - COMPUTER-PC
# Gestarted von : C:\Users\Dr.Kawaii Fluury\Desktop\Programme\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0.1 (x86 de)

-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [37625 Bytes] - [21/04/2014 19:02:16]
AdwCleaner[R10].txt - [2349 Bytes] - [05/02/2015 19:15:36]
AdwCleaner[R11].txt - [2499 Bytes] - [05/02/2015 21:01:12]
AdwCleaner[R12].txt - [2039 Bytes] - [06/02/2015 22:33:41]
AdwCleaner[R1].txt - [37931 Bytes] - [21/04/2014 19:04:06]
AdwCleaner[R2].txt - [1322 Bytes] - [09/06/2014 20:45:57]
AdwCleaner[R3].txt - [2046 Bytes] - [03/08/2014 17:29:40]
AdwCleaner[R4].txt - [1875 Bytes] - [28/08/2014 17:05:38]
AdwCleaner[R5].txt - [1696 Bytes] - [09/09/2014 15:41:14]
AdwCleaner[R6].txt - [1704 Bytes] - [21/09/2014 21:49:38]
AdwCleaner[R7].txt - [1764 Bytes] - [07/10/2014 17:10:59]
AdwCleaner[R8].txt - [2548 Bytes] - [15/10/2014 14:45:38]
AdwCleaner[R9].txt - [2168 Bytes] - [19/12/2014 23:10:39]
AdwCleaner[S0].txt - [37502 Bytes] - [21/04/2014 19:06:18]
AdwCleaner[S1].txt - [1385 Bytes] - [09/06/2014 20:48:09]
AdwCleaner[S2].txt - [2107 Bytes] - [03/08/2014 17:31:33]
AdwCleaner[S3].txt - [1936 Bytes] - [28/08/2014 17:08:04]
AdwCleaner[S4].txt - [1757 Bytes] - [09/09/2014 16:32:00]
AdwCleaner[S5].txt - [2559 Bytes] - [05/02/2015 21:03:17]
AdwCleaner[S6].txt - [1960 Bytes] - [06/02/2015 22:35:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2019 Bytes] ##########
```
Code:
```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x86
Ran by Dr.Kawaii Fluury on 06.02.2015 at 22:47:19,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{63A15237-F99C-44D3-99EF-7B6550E5C57D}

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.02.2015 at 22:49:58,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015 Ran by Dr.Kawaii Fluury (administrator) on COMPUTER-PC on 06-02-2015 22:53:42 Running from C:\Users\Dr.Kawaii Fluury\Desktop\Programme Loaded Profiles: Dr.Kawaii Fluury (Available profiles: computer & Dr.Kawaii Fluury) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe () C:\Windows\System32\AtwtusbIcon.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe () C:\Program Files\puush\puush.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Akamai Technologies, Inc.) C:\Users\Dr.Kawaii Fluury\AppData\Local\Akamai\netsession_win.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Akamai Technologies, Inc.) C:\Users\Dr.Kawaii Fluury\AppData\Local\Akamai\netsession_win.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Windows\System32\atwtusb.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE () C:\Windows\System32\atwtusb.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (EJIE Technology) C:\Program Files\Clover\clover.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.) HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [2963456 2012-09-10] () HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2874048 2015-02-06] (Valve Corporation) HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Run: [puush] => C:\Program Files\puush\puush.exe [567880 2014-07-25] () HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Run: [Akamai NetSession Interface] => C:\Users\Dr.Kawaii Fluury\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.) HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\MountPoints2: {19918c29-09a0-11e3-8fb3-001fd0287db9} - E:\Startme.exe Startup: C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files\Clover\TabHelper32.dll (EJIE Technology) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Mozilla\Firefox\Profiles\fzxt57os.default-1423167299117 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: AdBlock for Firefox - C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Mozilla\Firefox\Profiles\fzxt57os.default-1423167299117\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-05] FF Extension: Personas Plus - C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Mozilla\Firefox\Profiles\fzxt57os.default-1423167299117\Extensions\personas@christopher.beard.xpi [2015-02-05] FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2015-01-27] FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2015-01-27] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-27] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-27] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-01-27] Chrome: ======= CHR Profile: C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-30] CHR Extension: (Google Docs) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29] CHR Extension: (Google Drive) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-30] CHR Extension: (YouTube) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29] CHR Extension: (Google-Suche) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29] CHR Extension: (Google Tabellen) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-30] CHR Extension: (Avira Browser Safety) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-30] CHR Extension: (AdBlock) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-30] CHR Extension: (Google Wallet) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29] CHR Extension: (Google Mail) - C:\Users\Dr.Kawaii Fluury\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-10-08] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. 
KG) S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [182304 2015-01-17] (EasyAntiCheat Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2015-01-16] (NVIDIA Corporation) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1845096 2015-01-20] (LogMeIn Inc.) R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2013-10-25] (Hi-Rez Studios) [File not signed] S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-28] (IObit) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-01-14] (LogMeIn, Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed] S3 npggsvc; C:\Windows\system32\GameMon.des [3101376 2014-12-15] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775816 2015-01-16] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed] R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) 
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R2 WTService; C:\Windows\system32\atwtusb.exe [535552 2012-10-19] () [File not signed] S2 MainLSyncHost; c:\windows\system32\mpk\lsynchost.exe /startedbyscm:E4233B4F-40E3FE91-MPKService [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 apf004; C:\Windows\system32\apf004.sys [15112 2014-04-22] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG) S3 cpuz137; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [26856 2014-02-17] (CPUID) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-05-01] (Eugene V. Muzychenko) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard) S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy) [File not signed] R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18760 2015-01-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider) S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X] S3 XDva403; \??\C:\Windows\system32\XDva403.sys [X] S3 XDva406; \??\C:\Windows\system32\XDva406.sys [X] S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 22:49 - 2015-02-06 22:49 - 00000906 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\JRT.txt 2015-02-06 22:46 - 2015-02-06 22:46 - 01388274 _____ (Thisisu) C:\Users\Dr.Kawaii Fluury\Desktop\JRT.exe 2015-02-06 15:54 - 2015-02-06 15:54 - 01577512 _____ ( ) C:\Users\Dr.Kawaii Fluury\Downloads\cpu-z_1.71-setup-en.exe 2015-02-06 15:53 - 2015-02-06 15:53 - 05133752 _____ (Piriform Ltd) C:\Users\Dr.Kawaii Fluury\Downloads\spsetup128.exe 2015-02-06 15:48 - 2015-02-06 15:49 - 00035895 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\Addition.txt 2015-02-06 15:46 - 2015-02-06 15:49 - 00033995 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\FRST.txt 2015-02-06 06:30 - 2015-02-06 22:53 - 00000000 ____D () C:\FRST 2015-02-05 22:16 - 2015-02-05 22:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dr.Kawaii Fluury\Downloads\revosetup.exe 2015-02-05 22:16 - 2015-02-05 22:16 - 00001222 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\Revo Uninstaller.lnk 2015-02-05 06:19 - 2015-02-05 06:19 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Local\Steam 2015-02-02 12:10 - 2015-02-02 12:11 - 06175244 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\dem bugs.mp4 2015-02-02 11:56 - 2015-02-02 11:58 - 544818824 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\nuclearthrone 2015-02-02 11-56-17-81.avi 2015-02-02 11:00 - 2015-02-02 11:00 - 01185351 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\7CZby9V.webm 2015-01-31 18:45 - 2015-01-31 18:45 - 00021721 _____ () C:\Users\Dr.Kawaii Fluury\AppData\Local\recently-used.xbel 2015-01-30 18:09 - 2015-01-30 18:09 - 123779265 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\th145东方深秘录体验版[已打1.01补丁](C87).rar 2015-01-30 16:27 - 2015-02-05 21:05 - 00457936 _____ () C:\Windows\PFRO.log 2015-01-29 14:53 - 2015-01-29 15:15 - 99500292 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\Gun Locker.wav 2015-01-29 14:53 - 2015-01-29 15:09 - 67737692 _____ () C:\Users\Dr.Kawaii Fluury\Desktop\mus107 looped.wav 2015-01-29 14:22 - 2015-01-29 14:22 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-01-29 14:22 - 2015-01-29 14:22 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi 2015-01-28 06:24 - 2015-02-06 22:45 - 00652124 _____ () C:\Windows\WindowsUpdate.log 2015-01-28 06:19 - 2015-02-06 22:39 - 00003248 _____ () C:\Windows\setupact.log 2015-01-28 06:19 - 2015-01-28 06:19 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-27 17:50 - 2015-01-27 17:50 - 00000000 ____D () C:\Users\computer\Desktop\Paul 2015-01-27 17:42 - 2015-01-27 17:42 - 00000000 ____D () C:\Users\computer\AppData\Local\Clover 2015-01-27 14:59 - 2015-01-09 23:25 - 00621200 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2015-01-27 14:56 - 2015-01-13 05:15 - 00161424 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys 2015-01-27 14:56 - 2015-01-13 05:15 - 00027280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 24765584 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 20465296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 10774728 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 10714304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 08465224 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-01-27 14:56 - 2015-01-10 03:43 - 03245712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 01047880 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234725.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00929424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00911504 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234725.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00906568 _____ (NVIDIA Corporation) 
C:\Windows\system32\NvFBC.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00877304 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00399504 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00345744 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00305320 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll 2015-01-27 14:56 - 2015-01-10 03:43 - 00164752 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll 2015-01-27 14:50 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys 2015-01-27 14:40 - 2015-01-27 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek 2015-01-27 14:40 - 2011-09-16 08:12 - 00027752 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtVlan620.sys 2015-01-27 14:40 - 2011-06-15 14:11 - 00050280 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtTeam60.sys 2015-01-27 14:40 - 2011-06-15 14:11 - 00027648 _____ (Realtek ) C:\Windows\system32\Drivers\RtNdPt60.sys 2015-01-27 14:39 - 2015-01-27 14:39 - 00000000 ____D () C:\Program Files\Intel 2015-01-27 14:39 - 2010-03-02 09:04 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll 2015-01-27 14:38 - 2015-01-27 14:40 - 00000000 ____D () C:\Program Files\Realtek 2015-01-27 14:38 - 2011-09-29 10:30 - 00490088 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys 2015-01-27 14:38 - 2011-09-29 10:30 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll 2015-01-27 14:38 - 2011-09-29 10:30 - 00080416 _____ () C:\Windows\system32\RtNicProp32.dll 2015-01-27 07:37 - 2015-01-27 07:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-26 20:00 - 2015-01-26 20:00 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Documents\TacticalIntervention 2015-01-17 22:30 - 2015-01-17 22:30 - 
00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\.mono 2015-01-17 22:30 - 2015-01-17 22:28 - 00182304 _____ (EasyAntiCheat Ltd) C:\Windows\system32\EasyAntiCheat.exe 2015-01-17 21:26 - 2014-12-15 08:20 - 03101376 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\GameMon.des 2015-01-14 06:37 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 06:37 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 06:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-14 06:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 06:37 - 2014-12-11 18:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 06:37 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 22:53 - 2013-02-26 18:06 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Programme 2015-02-06 22:48 - 2009-07-14 05:34 - 00019568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 22:48 - 2009-07-14 05:34 - 00019568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 22:41 - 2013-02-27 10:15 - 00000000 ____D () C:\Program Files\Common Files\Steam 2015-02-06 22:39 - 2013-04-01 18:45 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Local\LogMeIn Hamachi 2015-02-06 22:39 - 2013-02-27 10:15 - 00000000 ____D () C:\Program Files\Steam 2015-02-06 22:39 - 2009-07-14 03:04 - 00000418 _____ () C:\Windows\win.ini 2015-02-06 22:38 - 2013-12-07 19:36 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-06 22:35 - 2014-04-21 18:01 - 00000000 ____D () C:\AdwCleaner 2015-02-06 15:57 - 2014-08-21 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2015-02-06 15:57 - 2014-08-21 22:13 - 00000000 ____D () C:\Program Files\CPUID 2015-02-05 22:26 - 2013-05-29 21:29 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\IrfanView 2015-02-05 22:16 - 2014-12-19 23:44 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-02-05 20:51 - 2013-02-26 18:05 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury 2015-02-05 20:13 - 2014-08-16 16:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-05 07:20 - 2013-02-25 18:50 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-05 07:17 - 2013-07-07 14:42 - 00000000 ____D () C:\Users\computer\AppData\Local\LogMeIn Hamachi 2015-02-03 13:31 - 2014-11-18 13:39 - 00002193 _____ () C:\Users\computer\Desktop\Google Chrome.lnk 2015-02-03 06:18 - 2014-03-28 19:15 - 00000000 ____D () C:\ProgramData\ProductData 2015-02-02 14:22 - 2013-05-30 15:34 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\vlc 
2015-02-01 10:52 - 2014-05-14 18:49 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Local\nuclearthrone 2015-01-31 19:25 - 2013-04-30 18:33 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\.gimp-2.8 2015-01-31 18:37 - 2013-03-10 07:10 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Sonstiges 2015-01-30 11:33 - 2013-04-01 14:04 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Audacity 2015-01-28 23:10 - 2013-02-26 21:16 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Skype 2015-01-27 21:00 - 2013-02-25 18:27 - 00000000 ____D () C:\M 2015-01-27 15:45 - 2014-08-06 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3 2015-01-27 15:26 - 2013-05-07 16:16 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Musik 2015-01-27 15:23 - 2013-09-08 19:58 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Wubwub 2015-01-27 15:03 - 2014-01-04 22:40 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Reactions 2015-01-27 15:03 - 2012-05-11 13:30 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\Desktop\Bilder 2015-01-27 15:00 - 2013-12-07 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-01-27 14:40 - 2013-09-05 15:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-27 14:28 - 2013-07-02 15:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-27 07:22 - 2014-02-12 07:11 - 00000000 ____D () C:\Users\computer\AppData\Local\NVIDIA 2015-01-27 07:21 - 2014-02-12 07:41 - 00000000 ____D () C:\Users\computer\AppData\Local\NVIDIA Corporation 2015-01-25 09:49 - 2013-02-27 08:12 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-25 09:49 - 2013-02-27 08:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-25 09:49 - 2013-02-27 08:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-24 09:38 - 
2014-09-20 09:06 - 00000000 ___RD () C:\Program Files\Skype 2015-01-24 09:38 - 2013-02-26 21:02 - 00000000 ____D () C:\ProgramData\Skype 2015-01-21 21:16 - 2013-11-09 19:59 - 00000000 ____D () C:\AeriaGames 2015-01-16 07:41 - 2014-06-02 20:04 - 01316184 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll 2015-01-16 07:41 - 2013-12-07 19:50 - 01278920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll 2015-01-14 20:39 - 2013-05-01 11:55 - 00000000 ____D () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\foobar2000 2015-01-14 11:32 - 2013-04-01 18:45 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-01-14 07:24 - 2013-07-14 22:13 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 07:19 - 2013-02-28 17:43 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-13 05:15 - 2014-01-08 17:43 - 00908608 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll 2015-01-10 03:43 - 2013-12-07 19:35 - 00060560 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-01-10 03:43 - 2013-12-07 19:34 - 16009120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2015-01-10 03:43 - 2013-12-07 19:34 - 14116136 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2015-01-10 03:43 - 2013-12-07 19:33 - 02902272 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2015-01-10 03:43 - 2013-02-25 23:22 - 00022594 _____ () C:\Windows\system32\nvinfo.pb 2015-01-09 23:58 - 2013-12-07 19:30 - 04404040 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-01-09 23:58 - 2013-12-07 19:30 - 03057808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll 2015-01-09 23:58 - 2013-12-07 19:30 - 02554184 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-01-09 23:58 - 2013-12-07 19:30 - 00670352 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-01-09 23:58 - 2013-12-07 19:30 - 00374928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-01-09 23:58 - 2013-12-07 19:30 - 
00061584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-01-09 18:46 - 2013-12-07 19:30 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin ==================== Files in the root of some directories ======= 2014-09-01 20:18 - 2014-12-01 22:12 - 0000139 _____ () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\licecap.ini 2014-06-19 10:12 - 2014-06-19 10:12 - 0000024 _____ () C:\Users\Dr.Kawaii Fluury\AppData\Roaming\temp.ini 2015-01-31 18:45 - 2015-01-31 18:45 - 0021721 _____ () C:\Users\Dr.Kawaii Fluury\AppData\Local\recently-used.xbel 2013-08-30 16:35 - 2013-07-01 16:36 - 0000032 ____R () C:\ProgramData\hash.dat Files to move or delete: ==================== C:\ProgramData\hash.dat C:\Windows\Tasks\{169360A7-9E4F-4B10-9796-2739573A11EE}.job Some content of TEMP: ==================== C:\Users\computer\AppData\Local\Temp\AskSLib.dll C:\Users\computer\AppData\Local\Temp\avgnt.exe C:\Users\computer\AppData\Local\Temp\uninst1.exe C:\Users\Dr.Kawaii Fluury\AppData\Local\Temp\avgnt.exe C:\Users\Dr.Kawaii Fluury\AppData\Local\Temp\iv_uninstall.exe C:\Users\Dr.Kawaii Fluury\AppData\Local\Temp\Quarantine.exe C:\Users\Dr.Kawaii Fluury\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-09-02 14:53 ==================== End Of Log ============================ Code:
ATTFilter rayman2 (HKLM\...\rayman2) (Version: - ) Realm of the Mad God (HKLM\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Risk of Rain (HKLM\...\Steam App 248820) (Version: - ) Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam) Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: - Apple Inc.) School of Dragons: How to Train Your Dragon (HKLM\...\Steam App 332070) (Version: - JumpStart Games, Inc.) Scratch (HKLM\...\Scratch) (Version: - MIT Media Lab Lifelong Kindergarten Group) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Sir, You Are Being Hunted (HKLM\...\Steam App 242880) (Version: - Big Robot Ltd) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.3 - IObit) Sonic Adventure DX (HKLM\...\Steam App 71250) (Version: - SEGA) Sonic Adventure™ 2 (HKLM\...\Steam App 213610) (Version: - SEGA) Source Filmmaker (HKLM\...\Steam App 1840) (Version: - ) Source SDK (HKLM\...\Steam App 211) (Version: - Valve) Spelunky (HKLM\...\Steam App 239350) (Version: - ) Spiral Knights (HKLM\...\Steam App 99900) (Version: - Three Rings) Spore (HKLM\...\Steam App 17390) (Version: - Maxis™) Spore: Creepy & Cute Parts Pack (HKLM\...\Steam App 17440) (Version: - Maxis™) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.) 
Starbound (HKLM\...\Steam App 211820) (Version: - ) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: - Valve Corporation) Steam Trading Card Beta Access (HKLM\...\Steam App 202352) (Version: - ) Super Amazing Wagon Adventure (HKLM\...\Steam App 250500) (Version: - sparsevector) Super Crate Box (HKLM\...\Steam App 212800) (Version: - Vlambeer) Super Time Force Ultra (HKLM\...\Steam App 250700) (Version: - Capybara Games) Tactical Intervention (HKLM\...\Steam App 51100) (Version: - FIX Korea, Co.LTD) Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) Terraria (HKLM\...\Steam App 105600) (Version: - ) TEXTools (HKLM\...\TEXTools) (Version: - ) The Binding of Isaac (HKLM\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl) The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version: - Nicalis, Inc.) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) The Long Dark (HKLM\...\Steam App 305620) (Version: - Hinterland Studio Inc.) 
The Stanley Parable (HKLM\...\Steam App 221910) (Version: - Galactic Cafe) Trust tablet driver (HKLM\...\RmTablet) (Version: 5.01 - ) Unturned (HKLM\...\Steam App 304930) (Version: - Nelson Sexton) Uplay (HKLM\...\Uplay) (Version: 4.4 - Ubisoft) Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM\...\Steam App 260230) (Version: - Ubisoft Montpellier) Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - ) VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN) VTFEdit 1.2.5 (HKLM\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg) Wakfu (HKLM\...\Steam App 215080) (Version: - Ankama) War of the Human Tanks (HKLM\...\Steam App 263400) (Version: - Yakiniku Banzai) WG Screensaver Creator 1.0 (HKLM\...\{E0BE7153-5B7D-4214-9F2A-50EF466C27F7}) (Version: 1.0.0 - Web Grafitti) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Yet Another Zombie Defense (HKLM\...\Steam App 270550) (Version: - Awesome Games Studio) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 05-02-2015 22:22:59 Revo Uninstaller's restore point - IrfanView (remove only) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-02-08 14:31 - 2014-11-11 14:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {2846072A-E0DD-4860-8C0A-1ACAAC461398} - System32\Tasks\{2F2F6436-443C-4DB6-BE51-B0A05CD0E50D} => Firefox.exe hxxp://ui.skype.com/ui/0/ Task: {3D86D8B5-B2E7-4224-A57C-5EF91E971F0D} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe Task: {5C7B9C8C-4306-40B2-AC0A-3B4F415015D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated) Task: {80589642-0FE5-4660-AE43-1922C9C2F8FE} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {8E80CBDE-57F1-4D6B-98FD-98D729DC56B4} - System32\Tasks\{ACE734F7-4BA5-42AA-A811-622FB7F5F719} => C:\Users\Dr.Kawaii Fluury\Desktop\Touhou\12.8 妖精大戦争\Touhou 12.8 aka Baka Wars.exe Task: {A6FF3643-AE70-4C75-BADB-270DB796C7D9} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe Task: {AD458812-6927-499A-88C0-9DE4DAD71FD4} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {BA7BE60D-EBDA-4CD4-9548-C8D12BFD4381} - System32\Tasks\{73690E4B-8398-4ECC-8671-78C0B5E288C1} => C:\Users\Dr.Kawaii Fluury\Desktop\Touhou\12.8 妖精大戦争\Touhou 12.8 aka Baka Wars.exe Task: {D62E7E9D-9435-4A8A-96E6-AF110899D171} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe Task: {ECD8E911-2D8D-4638-A34C-B9A2769EE151} - System32\Tasks\SmartDefragUpdate => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe Task: {F99FDABE-39FA-4DE5-8AE3-CCC5A10D73C5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cff420bbf7836b.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d000d6e515c56d.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe Task: C:\Windows\Tasks\{169360A7-9E4F-4B10-9796-2739573A11EE}.job => c:\program files\mozilla firefox\firefox.exe ==================== Loaded Modules (whitelisted) ============== 2013-12-07 19:30 - 2015-01-09 23:58 - 00107848 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-06-09 21:01 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-06-09 21:01 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-06-09 21:01 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-09-22 17:53 - 2012-09-10 12:53 - 02963456 _____ () C:\Windows\System32\AtwtusbIcon.exe 2014-08-28 23:36 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll 2014-08-28 23:36 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll 2014-08-28 23:36 - 2014-12-01 22:31 - 00479744 _____ () C:\Program 
Files\Steam\libavformat-56.dll 2014-08-28 23:36 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll 2013-03-12 17:10 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll 2014-12-02 22:54 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll 2014-12-02 22:54 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll 2014-12-02 22:54 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll 2014-05-21 19:51 - 2015-02-06 02:17 - 02357952 _____ () C:\Program Files\Steam\video.dll 2014-08-28 23:36 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll 2013-02-25 07:39 - 2015-02-06 02:16 - 00701632 _____ () C:\Program Files\Steam\bin\chromehtml.DLL 2012-01-10 13:41 - 2014-07-25 13:47 - 00567880 _____ () C:\Program Files\puush\puush.exe 2014-09-22 17:53 - 2012-10-19 10:05 - 00535552 _____ () C:\Windows\system32\atwtusb.exe 2014-06-09 21:01 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-06-09 21:01 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2015-01-27 07:37 - 2015-01-27 07:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-02-19 11:48 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll 2014-08-14 19:13 - 2015-01-28 02:30 - 01709960 _____ () C:\Program Files\Steam\bin\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:4F78E2F6 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2811185551-369326641-1495617965-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-2811185551-369326641-1495617965-500 - Administrator - Disabled) computer (S-1-5-21-2811185551-369326641-1495617965-1000 - Administrator - Enabled) => C:\Users\computer Dr.Kawaii Fluury (S-1-5-21-2811185551-369326641-1495617965-1003 - Administrator - Enabled) => C:\Users\Dr.Kawaii Fluury Gast (S-1-5-21-2811185551-369326641-1495617965-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/06/2015 10:53:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: taskbarcpl.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000a816 ID des fehlerhaften Prozesses: 0x16e8 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 System errors: ============= Microsoft Office Sessions: ========================= Error: (02/06/2015 10:53:01 PM) (Source: Application Error) (EventID: 1000) 
(User: ) Description: explorer.exe6.1.7601.175674d6727a7taskbarcpl.dll6.1.7601.175144ce7ba10c00000050000a81616e801d04257439aa5cdC:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll84a5b9b5-ae4a-11e4-8a6d-001fd0287db9 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 63% Total physical RAM: 2046.3 MB Available physical RAM: 750.23 MB Total Pagefile: 4092.61 MB Available Pagefile: 2240.76 MB Total Virtual: 2047.88 MB Available Virtual: 1916.47 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.16 GB) (Free:99.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 38.3 GB) (Disk ID: 1D2B1D2A) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E4E4E4E4) Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
| #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | addition.txt is incomplete |
| #7 |
| Ah, sorry. FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015 Ran by Dr.Kawaii Fluury at 2015-02-06 22:54:48 Running from C:\Users\Dr.Kawaii Fluury\Desktop\Programme Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\uTorrent) (Version: - BitTorrent Inc.) 100% Orange Juice (HKLM\...\Steam App 282800) (Version: - Orange_Juice) 32 Bit HP CIO Components Installer (Version: 4.1.1 - Hewlett-Packard) Hidden AbiWord 2.9.4 (HKLM\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers) Ace of Spades (HKLM\...\Steam App 224540) (Version: - ) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Akamai NetSession Interface (HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) 
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: - Apple Inc.) Artweaver 1.0 (HKLM\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software) Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: - Avira) BattleBlock Theater (HKLM\...\Steam App 238460) (Version: - The Behemoth) Besiege (HKLM\...\Steam App 346010) (Version: - Spiderling Studios) BleachBit (HKLM\...\BleachBit) (Version: 1.6 - BleachBit) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform) Championsheep Rally (HKLM\...\Championsheep Rally) (Version: - Frogster Interactive Pictures) Clover 3.0 (HKLM\...\Clover) (Version: 3.0 - EJIE Technology) Codename Gordon (HKLM\...\Steam App 92) (Version: - Nuclear Vision) Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve) CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Crypt of the NecroDancer (HKLM\...\Steam App 247080) (Version: - Brace Yourself Games) Cube World version 0.0.1 (HKLM\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DARK SOULS™ II (HKLM\...\Steam App 236430) (Version: - FromSoftware, Inc) Don't Starve (HKLM\...\Steam App 219740) (Version: - ) Don't Starve Together Beta (HKLM\...\Steam App 322330) (Version: - Klei Entertainment) Dungeon of the Endless (HKLM\...\Steam App 249050) (Version: - AMPLITUDE Studios) Elsword (HKLM\...\Steam App 237310) (Version: - KOG) Eryi's Action (HKLM\...\Steam App 261700) (Version: - Xtal Sword) ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - ) Fist of Jesus (HKLM\...\Steam App 321110) (Version: - Mutant Games) foobar2000 v1.2 (HKLM\...\foobar2000) (Version: 1.2 - Peter Pawlowski) FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time) 
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM\...\Fraps) (Version: - ) Free Image Convert and Resize version (HKLM\...\Free Image Convert and Resize_is1) (Version: - DVDVideoSoft Ltd.) Free Video Dub version (HKLM\...\Free Video Dub_is1) (Version: - DVDVideoSoft Ltd.) Free Video to Flash Converter version (HKLM\...\Free Video to Flash Converter_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.) Fusion's Chao Editor (HKLM\...\{BAAA4018-E873-49E4-B971-AA4E84D7A4CB}) (Version: 2.0 - Fusion) Game Dev Tycoon (HKLM\...\Steam App 239820) (Version: - Greenheart Games) GameMaker: Studio (HKLM\...\Steam App 214850) (Version: - YoYo Games Ltd.) GameRanger (HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\GameRanger) (Version: - GameRanger Technologies) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Team Garry) GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg) GIF Viewer 3.0 (HKLM\...\GIF Viewer) (Version: 3.0 - Stefan Wobbe) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Goat Simulator (HKLM\...\Steam App 265930) (Version: - Coffee Stain Studios) Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (Version: - Google Inc.) 
Hidden Gunpoint (HKLM\...\Steam App 206190) (Version: - Suspicious Developments) Half-Life Dedicated Server Update Tool (HKLM\...\Half-Life Dedicated Server Update Tool) (Version: - ) HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - ) Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: - Hi-Rez Studios) IObit Uninstaller (HKLM\...\IObitUninstall) (Version: - IObit) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Karos (HKLM\...\Steam App 337410) (Version: - Galaxy Gate) Kill Fun Yeah (HKLM\...\Steam App 301360) (Version: - Arctic Anteater) Killing Floor (HKLM\...\Steam App 1250) (Version: - Tripwire Interactive) LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) Legend of Dungeon (HKLM\...\Steam App 238280) (Version: - ) LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: - LogMeIn, Inc.) LogMeIn Hamachi (Version: - LogMeIn, Inc.) Hidden Lost Saga EU (HKLM\...\LostSagaEU) (Version: - IO Entertainment Co., Ltd.) 
Magic 2015 (HKLM\...\Steam App 255420) (Version: - Stainless Games) Magicite (HKLM\...\Steam App 268750) (Version: - SmashGames) Malwarebytes Anti-Malware Version (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation) McDROID (HKLM\...\Steam App 252970) (Version: - Elefantopia) MediaCoder (HKLM\...\MediaCoder) (Version: - Mediatronic) Metal Slug 3 (HKLM\...\Steam App 250180) (Version: - DotEmu) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) 
(Version: 4.0.30901.0 - Microsoft Corporation) Momodora III (HKLM\...\Steam App 302790) (Version: - rdein) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Mumble 1.2.8 (HKLM\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming) Nidhogg (HKLM\...\Steam App 94400) (Version: - Messhof) Nosgoth (HKLM\...\Steam App 200110) (Version: - Psyonix) Notepad++ (HKLM\...\Notepad++) (Version: 6.5 - Notepad++ Team) Nuclear Throne (HKLM\...\Steam App 242680) (Version: - Vlambeer) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation) NVIDIA HD-Audiotreiber (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software 
Foundation) Paint XP version 1.1 (HKLM\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.1 - MSPAINTXP.COM) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF4819}) (Version: 4.0.3 - dotPDN LLC) PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version: - CPUID) Plague Inc: Evolved (HKLM\...\Steam App 246620) (Version: - Ndemic Creations) Portal 2 Publishing Tool (HKLM\...\Steam App 644) (Version: - ) puush (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: - Dean Herbert) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: - Apple Inc.) Rayman 3 (HKLM\...\{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}) (Version: 1.00.000 - ) rayman2 (HKLM\...\rayman2) (Version: - ) Realm of the Mad God (HKLM\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Risk of Rain (HKLM\...\Steam App 248820) (Version: - ) Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam) Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: - Apple Inc.) School of Dragons: How to Train Your Dragon (HKLM\...\Steam App 332070) (Version: - JumpStart Games, Inc.) Scratch (HKLM\...\Scratch) (Version: - MIT Media Lab Lifelong Kindergarten Group) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Sir, You Are Being Hunted (HKLM\...\Steam App 242880) (Version: - Big Robot Ltd) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.3 - IObit) Sonic Adventure DX (HKLM\...\Steam App 71250) (Version: - SEGA) Sonic Adventure™ 2 (HKLM\...\Steam App 213610) (Version: - SEGA) Source Filmmaker (HKLM\...\Steam App 1840) (Version: - ) Source SDK (HKLM\...\Steam App 211) (Version: - Valve) Spelunky (HKLM\...\Steam App 239350) (Version: - ) Spiral Knights (HKLM\...\Steam App 99900) (Version: - Three Rings) Spore (HKLM\...\Steam App 17390) (Version: - Maxis™) Spore: Creepy & Cute Parts Pack (HKLM\...\Steam App 17440) (Version: - Maxis™) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.) Starbound (HKLM\...\Steam App 211820) (Version: - ) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: - Valve Corporation) Steam Trading Card Beta Access (HKLM\...\Steam App 202352) (Version: - ) Super Amazing Wagon Adventure (HKLM\...\Steam App 250500) (Version: - sparsevector) Super Crate Box (HKLM\...\Steam App 212800) (Version: - Vlambeer) Super Time Force Ultra (HKLM\...\Steam App 250700) (Version: - Capybara Games) Tactical Intervention (HKLM\...\Steam App 51100) (Version: - FIX Korea, Co.LTD) Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKU\S-1-5-21-2811185551-369326641-1495617965-1003\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) Terraria (HKLM\...\Steam App 105600) (Version: - ) TEXTools (HKLM\...\TEXTools) (Version: - ) The Binding of Isaac (HKLM\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl) The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version: - Nicalis, Inc.) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) The Long Dark (HKLM\...\Steam App 305620) (Version: - Hinterland Studio Inc.) 
The Stanley Parable (HKLM\...\Steam App 221910) (Version: - Galactic Cafe) Trust tablet driver (HKLM\...\RmTablet) (Version: 5.01 - ) Unturned (HKLM\...\Steam App 304930) (Version: - Nelson Sexton) Uplay (HKLM\...\Uplay) (Version: 4.4 - Ubisoft) Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM\...\Steam App 260230) (Version: - Ubisoft Montpellier) Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - ) VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN) VTFEdit 1.2.5 (HKLM\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg) Wakfu (HKLM\...\Steam App 215080) (Version: - Ankama) War of the Human Tanks (HKLM\...\Steam App 263400) (Version: - Yakiniku Banzai) WG Screensaver Creator 1.0 (HKLM\...\{E0BE7153-5B7D-4214-9F2A-50EF466C27F7}) (Version: 1.0.0 - Web Grafitti) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Yet Another Zombie Defense (HKLM\...\Steam App 270550) (Version: - Awesome Games Studio) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 05-02-2015 22:22:59 Revo Uninstaller's restore point - IrfanView (remove only) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-02-08 14:31 - 2014-11-11 14:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {2846072A-E0DD-4860-8C0A-1ACAAC461398} - System32\Tasks\{2F2F6436-443C-4DB6-BE51-B0A05CD0E50D} => Firefox.exe hxxp://ui.skype.com/ui/0/ Task: {3D86D8B5-B2E7-4224-A57C-5EF91E971F0D} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe Task: {5C7B9C8C-4306-40B2-AC0A-3B4F415015D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated) Task: {80589642-0FE5-4660-AE43-1922C9C2F8FE} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {8E80CBDE-57F1-4D6B-98FD-98D729DC56B4} - System32\Tasks\{ACE734F7-4BA5-42AA-A811-622FB7F5F719} => C:\Users\Dr.Kawaii Fluury\Desktop\Touhou\12.8 妖精大戦争\Touhou 12.8 aka Baka Wars.exe Task: {A6FF3643-AE70-4C75-BADB-270DB796C7D9} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe Task: {AD458812-6927-499A-88C0-9DE4DAD71FD4} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {BA7BE60D-EBDA-4CD4-9548-C8D12BFD4381} - System32\Tasks\{73690E4B-8398-4ECC-8671-78C0B5E288C1} => C:\Users\Dr.Kawaii Fluury\Desktop\Touhou\12.8 妖精大戦争\Touhou 12.8 aka Baka Wars.exe Task: {D62E7E9D-9435-4A8A-96E6-AF110899D171} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe Task: {ECD8E911-2D8D-4638-A34C-B9A2769EE151} - System32\Tasks\SmartDefragUpdate => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe Task: {F99FDABE-39FA-4DE5-8AE3-CCC5A10D73C5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cff420bbf7836b.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d000d6e515c56d.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe Task: C:\Windows\Tasks\{169360A7-9E4F-4B10-9796-2739573A11EE}.job => c:\program files\mozilla firefox\firefox.exe ==================== Loaded Modules (whitelisted) ============== 2013-12-07 19:30 - 2015-01-09 23:58 - 00107848 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-06-09 21:01 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-06-09 21:01 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-06-09 21:01 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-09-22 17:53 - 2012-09-10 12:53 - 02963456 _____ () C:\Windows\System32\AtwtusbIcon.exe 2014-08-28 23:36 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll 2014-08-28 23:36 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll 2014-08-28 23:36 - 2014-12-01 22:31 - 00479744 _____ () C:\Program 
Files\Steam\libavformat-56.dll 2014-08-28 23:36 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll 2013-03-12 17:10 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll 2014-12-02 22:54 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll 2014-12-02 22:54 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll 2014-12-02 22:54 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll 2014-05-21 19:51 - 2015-02-06 02:17 - 02357952 _____ () C:\Program Files\Steam\video.dll 2014-08-28 23:36 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll 2013-02-25 07:39 - 2015-02-06 02:16 - 00701632 _____ () C:\Program Files\Steam\bin\chromehtml.DLL 2012-01-10 13:41 - 2014-07-25 13:47 - 00567880 _____ () C:\Program Files\puush\puush.exe 2014-09-22 17:53 - 2012-10-19 10:05 - 00535552 _____ () C:\Windows\system32\atwtusb.exe 2014-06-09 21:01 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-06-09 21:01 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2015-01-27 07:37 - 2015-01-27 07:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-02-19 11:48 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll 2014-08-14 19:13 - 2015-01-28 02:30 - 01709960 _____ () C:\Program Files\Steam\bin\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:4F78E2F6 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2811185551-369326641-1495617965-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Dr.Kawaii Fluury\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-2811185551-369326641-1495617965-500 - Administrator - Disabled) computer (S-1-5-21-2811185551-369326641-1495617965-1000 - Administrator - Enabled) => C:\Users\computer Dr.Kawaii Fluury (S-1-5-21-2811185551-369326641-1495617965-1003 - Administrator - Enabled) => C:\Users\Dr.Kawaii Fluury Gast (S-1-5-21-2811185551-369326641-1495617965-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/06/2015 10:53:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: taskbarcpl.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000a816 ID des fehlerhaften Prozesses: 0x16e8 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 System errors: ============= Microsoft Office Sessions: ========================= Error: (02/06/2015 10:53:01 PM) (Source: Application Error) (EventID: 1000) 
(User: ) Description: explorer.exe6.1.7601.175674d6727a7taskbarcpl.dll6.1.7601.175144ce7ba10c00000050000a81616e801d04257439aa5cdC:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll84a5b9b5-ae4a-11e4-8a6d-001fd0287db9

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 63%
Total physical RAM: 2046.3 MB
Available physical RAM: 750.23 MB
Total Pagefile: 4092.61 MB
Available Pagefile: 2240.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.16 GB) (Free:99.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 38.3 GB) (Disk ID: 1D2B1D2A)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E4E4E4E4)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Here is the complete one. |
| #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |

FRST-Fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\ProgramData\hash.dat
C:\Windows\Tasks\{169360A7-9E4F-4B10-9796-2739573A11EE}.job
EmptyTemp:
Hosts:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________
Please always post log files in CODE tags |
| #9 |

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-02-2015
Ran by Dr.Kawaii Fluury at 2015-02-07 00:20:00 Run:1
Running from C:\Users\Dr.Kawaii Fluury\Desktop
Loaded Profiles: Dr.Kawaii Fluury (Available profiles: computer & Dr.Kawaii Fluury)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\ProgramData\hash.dat
C:\Windows\Tasks\{169360A7-9E4F-4B10-9796-2739573A11EE}.job
EmptyTemp:
Hosts:
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Windows\Tasks\{169360A7-9E4F-4B10-9796-2739573A11EE}.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 742.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 00:21:14 ==== |
| #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ |

Okay, then control scans with MBAM and ESET, please:

Please download

ESET Online Scanner |
| #11 |

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 07.02.2015
Suchlauf-Zeit: 17:16:56
Logdatei: mbam.txt
Administrator: Ja

Version:
Malware Datenbank: v2015.02.07.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Dr.Kawaii Fluury

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 373098
Verstrichene Zeit: 18 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe= # OnlineScanner.ocx= # api_version=3.0.2 # EOSSerial=42d7b8ca98b97d4bb244e4d04d39f0b9 # engine=22356 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-08 12:49:37 # local_time=2015-02-08 01:49:37 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 36740 288779867 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 49830192 174987768 0 0 # scanned=790399 # found=68 # cleaned=0 # scan_time=29090 sh=A6D12B550B7160C6E5D2227943ECB8F5ADF8F41F ft=1 fh=fe5fb98395aa12e3 vn="Variante von Win32/Toolbar.Iminent.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Umbrella\umbrella.exe.vir" sh=5EB5E13A96E13527D102DCA2000D5396E4001CCF ft=1 fh=f31cadf734d4ccb9 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll.vir" sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir" sh=806043854DBA08409D093C986B3208A5D4A512BA ft=1 fh=d6daed42d6889765 vn="Win32/Toolbar.DefaultTab.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\computer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir" sh=EBE113C41976B63D9645B60AF83CC8487555950D ft=1 fh=75c1fb4d2ef4de76 vn="Win32/Toolbar.DefaultTab.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\computer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir" sh=9BAF667499AA6AD943B26B82408C69BDF9D2D942 ft=1 fh=e046ea995fe5496f vn="Win64/Toolbar.DefaultTab.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\computer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir" sh=A66441EA33B541895F23B3A4F8EB408B616A94BA ft=1 fh=02e58446c958c5ff vn="Win32/Toolbar.DefaultTab.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\computer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe.vir" sh=60DF417037197BB71547FC35CAC95C41F428D418 ft=1 fh=44d029b316bd3b56 vn="Win32/Toolbar.DefaultTab.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\computer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir" sh=DB07648D185FE4A0448EDD08B409A3E90AE86B91 ft=1 fh=a325f42d455d8a90 vn="Win64/Toolbar.DefaultTab.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\computer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir" sh=EA111903F48C1CB7FE5056509351A88EFE85114F ft=1 fh=0f73ddfd31d1def0 vn="Win32/Toolbar.DefaultTab.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\computer\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir" sh=5ACD70AEF338DE125F116CAFD8F1A8E0DCE0F595 ft=1 fh=77a0e7322f7f54d8 vn="Variante von Win32/Toolbar.DefaultTab.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\computer\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe.vir" sh=EC1AE1832E769D6143CFD319DF7CA3C737A62BB5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\gxarsf4f.default\Extensions\webbooster@iminent.com.xpi.vir" sh=476063885747EDD774A6B8CB2790703503A75A55 ft=1 fh=d7bb79193adaee2e vn="Win32/Systweak.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dr.Kawaii Fluury\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DR4100~1.KAW\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=4D55CDD429CCC1A4758863A88B1B012AD4AD58A9 ft=1 fh=fa2b6d8baa49f691 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir" sh=354BDD57F49997D0A1AB3BADA1339CB33765898B ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Anwendungsdaten\Mozilla\Firefox\Profiles\eof33nq3.default\extensions\plugin@yontoo.com.xpi" sh=3506A689F0AB68F1EFE7828D4FEF6D171722A8EE ft=1 fh=3073f3f0f3af2fd4 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\dffsetup-dwmapi.exe" sh=5AED82367EAAF230DD5568E800A7B5DA4713C8AE ft=1 fh=c09653c756531741 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload(1).exe" sh=AACEB38727983D4DECD027AB03C85A036DF0A43D ft=1 fh=2b4998118a2cda77 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload(2).exe" sh=509931418DEB6B75185A9AAF4E687297D6F5CF61 ft=1 fh=98bdefe44f6519ae vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload.exe" sh=07CF040FEFA25DFDA4287BAB632EAB806E294695 ft=1 fh=0db8f293d4a19d8f vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubetoMP3Converter(1).exe" sh=474BBF68C7AAC25A6ADBFD471993F52584CAEA89 ft=1 fh=7302f6233443ba92 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter(2).exe" sh=8547D1E5EACE099ECFE5EDBF6958FA077650894B ft=1 fh=61435738673b6524 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter.exe" sh=3837DCC6FC0D2C7D2CD6765EE18175468E314815 ft=1 fh=404bf2cda126427a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter31126.exe" sh=AA190194CD322F27B81B57B66F0E48B16DDF09FC ft=1 fh=7a1e2a1eaadddca3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter_3.11.35.1031.exe" sh=EAAC36A3A0D519E9943000DF69CCAC68C92598D4 ft=1 fh=2ceaca49965a9861 vn="Win32/SoftonicDownloader evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_mcpatcher.exe" sh=7AA47BFF13189519061F2D7D4135ABF0467D7F9E ft=1 fh=574b6a7f1e4e54a0 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_minecraft-skinedit(1).exe" sh=ED3BB465A3C80B63785F69270CA2952225FD21C9 ft=1 fh=a7addd61c1e09aa3 vn="Win32/SoftonicDownloader evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_minecraft-skinedit.exe" sh=707B1211CC45270D4AC113DEEAC390F03EE04BD3 ft=1 fh=4290f1c69f1d583d vn="Win32/SoftonicDownloader.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_painttool-sai.exe" sh=03406AC969A32995A7F99E913B8E773D90E0D61C ft=1 fh=ff4597981c152035 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_virtual-audio-cable.exe" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe" sh=0C73CCC63EC56232CA1EF6BF8573B3A9AB323052 ft=1 fh=d014c1be8c7ac6c1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll" sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB_DE\ldrtbDVDV.dll" sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB_DE\tbDVDV.dll" sh=FA93CBC3743E72D1330FB72049031808BBD0250B ft=1 fh=8496dd896c58edda vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll" sh=902DBE67A58C96173CBA9D607B57D5C6AA8070EF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. 
|
![]() | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FRST fix

Please disable your virus scanner completely now, so that the fix is certain to run cleanly!

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
```
C:\Dokumente und Einstellungen\Alex xD\Anwendungsdaten\Mozilla\Firefox\Profiles\eof33nq3.default\extensions\plugin@yontoo.com.xpi
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\dffsetup-dwmapi.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload(1).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload(2).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubetoMP3Converter(1).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter(2).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter31126.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter_3.11.35.1031.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_mcpatcher.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_minecraft-skinedit(1).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_minecraft-skinedit.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_painttool-sai.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_virtual-audio-cable.exe
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB_DE\ldrtbDVDV.dll
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB_DE\tbDVDV.dll
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Dokumente und Einstellungen\Paul\Anwendungsdaten\Mozilla\Firefox\Profiles\gwjqcd1z.default\extensions\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\chrome\games_bar_1.jar
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter.exe
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Downloads\LevelR_Multi_Downloader(3).exe
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Programms\Nero_9\Nero BackItUp Final.exe
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Programms\Nero_9\Nero MediaHome Final.exe
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Programms\Nero_9\Nero Move it .exe
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\ldrtbBro0.dll
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\tbBro0.dll
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\tbBro1.dll
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\tbBro2.dll
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll
C:\Program Files\CPUID\PC Wizard 2013\systweakasp_c.exe
C:\Program Files\NexonEU\LostSagaEU\lostsaga.exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Downloads\LevelR_Multi_Downloader(3).exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Programms\Nero_9\Nero BackItUp Final.exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Programms\Nero_9\Nero MediaHome Final.exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Programms\Nero_9\Nero Move it .exe
C:\Users\Dr.Kawaii Fluury\Desktop\Programme\Games\Lost Saga\LostSagaEU_Full.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\dffsetup-dwmapi.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeDownload(1).exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeDownload(2).exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeDownload.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubetoMP3Converter(1).exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter(2).exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter31126.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter_3.11.35.1031.exe
C:\Users\Dr.Kawaii Fluury\Downloads\asc-setup.exe
C:\Users\Dr.Kawaii Fluury\Downloads\cbsidlm-cbsi134-Gif_To_Swf_Converter-ORG-10912145.exe
C:\Users\Dr.Kawaii Fluury\Downloads\cbsidlm-cbsi134-Textools-ORG-10382457.exe
C:\Users\Dr.Kawaii Fluury\Downloads\cbsidlm-cbsi145-Textools-ORG-10382457.exe
C:\Users\Dr.Kawaii Fluury\Downloads\GifToSwfConverter_setup.zip
EmptyTemp:
Hosts:
```

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
![]() | #13 |
| Code:
```
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-02-2015
Ran by Dr.Kawaii Fluury at 2015-02-08 14:05:49 Run:2
Running from C:\Users\Dr.Kawaii Fluury\Desktop
Loaded Profiles: Dr.Kawaii Fluury (Available profiles: computer & Dr.Kawaii Fluury)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Dokumente und Einstellungen\Alex xD\Anwendungsdaten\Mozilla\Firefox\Profiles\eof33nq3.default\extensions\plugin@yontoo.com.xpi
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\dffsetup-dwmapi.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload(1).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload(2).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubetoMP3Converter(1).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter(2).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter31126.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter_3.11.35.1031.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_mcpatcher.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_minecraft-skinedit(1).exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_minecraft-skinedit.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_painttool-sai.exe
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_virtual-audio-cable.exe
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB_DE\ldrtbDVDV.dll
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB_DE\tbDVDV.dll
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Dokumente und Einstellungen\Paul\Anwendungsdaten\Mozilla\Firefox\Profiles\gwjqcd1z.default\extensions\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\chrome\games_bar_1.jar
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter.exe
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Downloads\LevelR_Multi_Downloader(3).exe
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Programms\Nero_9\Nero BackItUp Final.exe
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Programms\Nero_9\Nero MediaHome Final.exe
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Programms\Nero_9\Nero Move it .exe
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\ldrtbBro0.dll
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\tbBro0.dll
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\tbBro1.dll
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\tbBro2.dll
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll
C:\Program Files\CPUID\PC Wizard 2013\systweakasp_c.exe
C:\Program Files\NexonEU\LostSagaEU\lostsaga.exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Downloads\LevelR_Multi_Downloader(3).exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Programms\Nero_9\Nero BackItUp Final.exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Programms\Nero_9\Nero MediaHome Final.exe
C:\Users\computer\Desktop\Paul\Paul\Documents\Programms\Nero_9\Nero Move it .exe
C:\Users\Dr.Kawaii Fluury\Desktop\Programme\Games\Lost Saga\LostSagaEU_Full.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\dffsetup-dwmapi.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeDownload(1).exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeDownload(2).exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeDownload.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubetoMP3Converter(1).exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter(2).exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter31126.exe
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter_3.11.35.1031.exe
C:\Users\Dr.Kawaii Fluury\Downloads\asc-setup.exe
C:\Users\Dr.Kawaii Fluury\Downloads\cbsidlm-cbsi134-Gif_To_Swf_Converter-ORG-10912145.exe
C:\Users\Dr.Kawaii Fluury\Downloads\cbsidlm-cbsi134-Textools-ORG-10382457.exe
C:\Users\Dr.Kawaii Fluury\Downloads\cbsidlm-cbsi145-Textools-ORG-10382457.exe
C:\Users\Dr.Kawaii Fluury\Downloads\GifToSwfConverter_setup.zip
EmptyTemp:
Hosts:
*****************
C:\Dokumente und Einstellungen\Alex xD\Anwendungsdaten\Mozilla\Firefox\Profiles\eof33nq3.default\extensions\plugin@yontoo.com.xpi => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\dffsetup-dwmapi.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload(1).exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload(2).exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeDownload.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubetoMP3Converter(1).exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter(2).exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter31126.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter_3.11.35.1031.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_mcpatcher.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_minecraft-skinedit(1).exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_minecraft-skinedit.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_painttool-sai.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Eigene Dateien\Downloads\SoftonicDownloader_fuer_virtual-audio-cable.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB_DE\ldrtbDVDV.dll => Moved successfully.
C:\Dokumente und Einstellungen\Alex xD\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB_DE\tbDVDV.dll => Moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Anwendungsdaten\Mozilla\Firefox\Profiles\gwjqcd1z.default\extensions\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\chrome\games_bar_1.jar => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Downloads\LevelR_Multi_Downloader(3).exe => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Programms\Nero_9\Nero BackItUp Final.exe => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Programms\Nero_9\Nero MediaHome Final.exe => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Eigene Dateien\Programms\Nero_9\Nero Move it .exe => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\ldrtbBro0.dll => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\tbBro0.dll => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\tbBro1.dll => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\BrotherSoft_Extreme\tbBro2.dll => Moved successfully.
C:\Dokumente und Einstellungen\Paul\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll => Moved successfully.
C:\Program Files\CPUID\PC Wizard 2013\systweakasp_c.exe => Moved successfully.
C:\Program Files\NexonEU\LostSagaEU\lostsaga.exe => Moved successfully.
C:\Users\computer\Desktop\Paul\Paul\Documents\Downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
C:\Users\computer\Desktop\Paul\Paul\Documents\Downloads\LevelR_Multi_Downloader(3).exe => Moved successfully.
C:\Users\computer\Desktop\Paul\Paul\Documents\Programms\Nero_9\Nero BackItUp Final.exe => Moved successfully.
C:\Users\computer\Desktop\Paul\Paul\Documents\Programms\Nero_9\Nero MediaHome Final.exe => Moved successfully.
C:\Users\computer\Desktop\Paul\Paul\Documents\Programms\Nero_9\Nero Move it .exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Desktop\Programme\Games\Lost Saga\LostSagaEU_Full.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\dffsetup-dwmapi.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeDownload(1).exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeDownload(2).exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeDownload.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubetoMP3Converter(1).exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter(2).exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter31126.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Documents\Downloads\FreeYouTubeToMP3Converter_3.11.35.1031.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Downloads\asc-setup.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Downloads\cbsidlm-cbsi134-Gif_To_Swf_Converter-ORG-10912145.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Downloads\cbsidlm-cbsi134-Textools-ORG-10382457.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Downloads\cbsidlm-cbsi145-Textools-ORG-10382457.exe => Moved successfully.
C:\Users\Dr.Kawaii Fluury\Downloads\GifToSwfConverter_setup.zip => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 368.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 14:06:20 ====
```
|
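Reading a Fixlog like the one above means checking that every file entry echoed under "Content of fixlist" has a matching result line reporting "Moved successfully." and that the log reaches its "End of Fixlog" footer. The following Python script is an added example, not part of the original thread and not FRST code; it assumes one entry per line, and its sample log is constructed (user name, paths and the non-success status text are made up).

```python
import re

MOVED = "Moved successfully."             # success text as printed in the log above
STARS = re.compile(r"^\*{5,}$")           # rows of asterisks framing the echoed fixlist
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # file entries; anything else is a directive

# Constructed sample in the layout of the Fixlog above. User name, paths and the
# non-success status text are made up for this example.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-02-2015
Ran by ExampleUser at 2015-02-08 14:05:49 Run:2
Running from C:\Users\ExampleUser\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\ExampleUser\Downloads\example-toolbar-setup.exe
C:\Users\ExampleUser\AppData\Local\ExampleToolbar\tbExample.dll
C:\Users\ExampleUser\Downloads\example-bundle.zip
EmptyTemp:
Hosts:
*****************
C:\Users\ExampleUser\Downloads\example-toolbar-setup.exe => Moved successfully.
C:\Users\ExampleUser\AppData\Local\ExampleToolbar\tbExample.dll => NOT-MOVED (constructed placeholder status)
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 368.8 MB temporary data.
==== End of Fixlog 14:06:20 ====
"""


def parse_fixlog(text):
    """Return (requested entries, {lower-cased target: status}, footer seen)."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if STARS.match(ln)]
    if len(stars) < 2:
        raise ValueError("fixlist echo not found (expected two rows of asterisks)")
    begin, end = stars[0], stars[1]
    requested = [ln for ln in lines[begin + 1:end] if ln]
    results = {}
    for ln in lines[end + 1:]:
        # Split on the last " => " so the target keeps any spaces it contains.
        target, sep, status = ln.rpartition(" => ")
        if sep:
            results[target.lower()] = status  # Windows paths are case-insensitive
    complete = any(ln.startswith("==== End of Fixlog") for ln in lines[end + 1:])
    return requested, results, complete


def review_fixlog(text):
    """Sort every requested entry into moved / needs_review / no_result."""
    requested, results, complete = parse_fixlog(text)
    report = {"moved": [], "needs_review": [], "no_result": [],
              "directives": [], "complete": complete}
    for entry in requested:
        if not DRIVE_PATH.match(entry):
            report["directives"].append(entry)   # e.g. EmptyTemp:, Hosts:
            continue
        status = results.get(entry.lower())
        if status is None:
            report["no_result"].append(entry)    # requested, but never reported on
        elif status == MOVED:
            report["moved"].append(entry)
        else:
            report["needs_review"].append((entry, status))
    return report


if __name__ == "__main__":
    for key, value in review_fixlog(SAMPLE_FIXLOG).items():
        print(key, value)
```

An entry under `needs_review` or `no_result`, or `complete` being false because the pasted log was cut off, is the cue to ask for a fresh scan before declaring the machine clean.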
![]() | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.) I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Otherwise there are also good cookie managers; among the extensions for Firefox there is, for example, CookieCuller.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser to delete everything, cookies included, when the browser is closed.

Is your system OK again now, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
![]() | #15 | |
| Quote:
It seems that a large number of the problems this program detected come from one of the accounts of our younger users; I'll have to have a word with them. Other than that, I'd like to thank you very much for the help! I will definitely recommend this site. :] |