| |
| |||||||
Log-Analyse und Auswertung: Win 7 - nach Spieldownload und Schein-Installation Probleme und ChaosWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.03.2015, 22:50
| #1 |
 |  Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Hallo liebe Leute, ich habe vor ca. 2 Tagen ein Spiel aus dem Internet herunter geladen und installiert, und als der Installationsassistent fertig war, war von dem Spiel plötzlich keine Spur mehr auf meinem Rechner. Seit dem habe ich jeden Tag andere Probleme: MBAM startet, läuft aber erst wieder nach De- und Neuinstallation, MBAR startet aber läuft gar nicht mehr, mein PC erkennt meine Speichergeräte (USB etc.) nicht mehr, Avira poppt ständig auf wegen unerwünschter Funde, Firefox schließt während einer Sitzung meine zahlreichen Tabs und öffnet danach ein neues Fenster etc. Vor dieser Anfrage habe ich folgende Selbsthilfe versucht: 1.MBAM Chameleon: Dabei ist auch nach einer Stunde vor dem PC nix passiert. (Scan...) Hab es unterbrochen. 2.Sophos Anti Rootkit: Anbei Logfile. 3.Dann bin ich der Anleitung gefolgt: Defogger, Frst64 und Gmer. SOPHOS Area: Local hard drives Description: Unknown hidden file Location: C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7600.16385_none_ed079508d36e3f2d\IMJPDCT.EXE Removable: Yes (but clean up not recommended for this file) Notes: (no more detail available) Area: Local hard drives Description: Unknown hidden file Location: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0D2T6VCP\AF3EB3F137246B6F2812613D98AAF3[1].jpg Removable: Yes (but clean up not recommended for this file) Notes: (no more detail available) Area: Local hard drives Description: Unknown hidden file Location: C:\Users\Besitzer\AppData\Roaming\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ Removable: Yes (but clean up not recommended for this file) Notes: (no more detail available) Area: Local hard drives Description: Unknown hidden file Location: C:\Users\Besitzer\AppData\Roaming\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ Removable: Yes (but clean up not recommended for this file) Notes: (no more detail available) Area: Local hard drives Description: Unknown hidden file Location: C:\Program Files (x86)\VLC\lua\intf\cli.luac Removable: Yes (but clean up not recommended for this file) Notes: (no more detail available) DEFOGGER defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:24 on 06/03/2015 (Besitzer) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01 Ran by Besitzer (administrator) on LAVAMAT on 06-03-2015 21:43:36 Running from C:\Users\Besitzer\Downloads Loaded Profiles: Besitzer & Administrator & (Available profiles: Besitzer & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe () C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe (Electronic Arts) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\Core\EACoreServer.exe () C:\Users\Besitzer\Downloads\Defogger.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Deskjet 1050 J410 series\bin\HPScan.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-11-19] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\MountPoints2: J - J:\LaunchU3.exe -a HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\MountPoints2: {31c95400-84cf-11e1-8540-cae1fc6d0ade} - J:\LaunchU3.exe -a HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\MountPoints2: {a1280058-1514-11e1-8adb-6c626d96faea} - J:\AutoRun.exe HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\MountPoints2: {a128005d-1514-11e1-8adb-6c626d96faea} - J:\AutoRun.exe HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\MountPoints2: {d8bd42b4-11cc-11e1-9e07-6c626d96faea} - J:\AutoRun.exe HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\MountPoints2: {d8bd42ba-11cc-11e1-9e07-6c626d96faea} - J:\AutoRun.exe HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: J - J:\LaunchU3.exe -a HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {31c95400-84cf-11e1-8540-cae1fc6d0ade} - J:\LaunchU3.exe -a HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a1280058-1514-11e1-8adb-6c626d96faea} - J:\AutoRun.exe HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a128005d-1514-11e1-8adb-6c626d96faea} - J:\AutoRun.exe HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d8bd42b4-11cc-11e1-9e07-6c626d96faea} - J:\AutoRun.exe HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d8bd42ba-11cc-11e1-9e07-6c626d96faea} - J:\AutoRun.exe HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ HKU\S-1-5-21-2472162299-3273411272-195361004-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ HKU\S-1-5-21-2472162299-3273411272-195361004-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ HKU\S-1-5-21-2472162299-3273411272-195361004-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ HKU\S-1-5-21-2472162299-3273411272-195361004-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{45271E45-F8EE-4CF0-8150-EB4AE68EA381}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{68CBE66B-5D8F-4E63-8AA6-FB12EFDEB1FD}: [NameServer] 8.8.8.8,8.8.4.4 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default FF Homepage: google.de FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('play.google .com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2 C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20% 7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch( url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.s ongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7 C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url% 2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http %3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20sh ExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch( url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20' http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate. me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq .proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY %20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIREC T'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Windows\system32\npovshelper.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VLC\npvlc.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Besitzer\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Besitzer\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\searchplugins\webde-suche.xml FF Extension: Avira Browser Safety - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\abs@avira.com [2015-02-06] FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\donottrackplus@abine.com [2014-11-27] FF Extension: HTTPS-Everywhere - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\https-everywhere@eff.org [2015-01-23] FF Extension: WEB.DE MailCheck - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\toolbar@web.de [2015-03-03] FF Extension: YouTube Unblocker - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\youtubeunblocker@unblocker.yt [2014-12-25] FF Extension: ipFuck - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\ipfuck@p4ul.info.xpi [2013-05-20] FF Extension: YouTube Center - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-03-02] FF Extension: Flash Control - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2014-12-23] FF Extension: Vlc Kontextmenü - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2014-03-26] FF Extension: WebM Inline Player - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\webminline@player.xpi [2014-12-27] FF Extension: Flagfox - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08] FF Extension: NoScript - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-15] FF Extension: ImTranslator - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-11-25] FF Extension: {c7f8df0d-8427-448d-b759-b71533baa0f8} - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{c7f8df0d-8427-448d-b759-b71533baa0f8}.xpi [2014-12-25] FF Extension: BetterPrivacy - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-03-04] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Besitzer\AppData\Roaming\14001.011 FF HKU\S-1-5-21-2472162299-3273411272-195361004-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Besitzer\AppData\Roaming\14001.011 Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.de/" CHR Profile: C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-25] CHR Extension: (Google Drive) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-25] CHR Extension: (YouTube) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25] CHR Extension: (Google Search) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25] CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-10-25] CHR Extension: (HTTPS Everywhere) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-10-25] CHR Extension: (Google Wallet) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25] CHR Extension: (ScriptSafe) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-10-25] CHR Extension: (Gmail) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Besitzer\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-03] (Avira Operations GmbH & Co. KG) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG) U1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-06] (Malwarebytes Corporation) S3 MEMSWEEP2; C:\Windows\system32\1366.tmp [6144 2009-06-18] (Sophos Plc) [File not signed] R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2015-03-05] (Nicomsoft Ltd.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) S3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation ) U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X] S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 NPF; system32\DRIVERS\npf.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-06 21:43 - 2015-03-06 21:44 - 00026245 _____ () C:\Users\Besitzer\Downloads\FRST.txt 2015-03-06 21:43 - 2015-03-06 21:43 - 00000000 ___DC () C:\FRST 2015-03-06 15:58 - 2015-03-06 19:24 - 00000478 _____ () C:\Users\Besitzer\Downloads\defogger_disable.log 2015-03-06 15:58 - 2015-03-06 15:58 - 00000000 _____ () C:\Users\Besitzer\defogger_reenable 2015-03-06 15:40 - 2015-03-06 15:40 - 00015719 _____ () C:\Users\Besitzer\Desktop\Fund Syphos.odt 2015-03-06 15:09 - 2015-03-06 15:09 - 00050477 _____ () C:\Users\Besitzer\Downloads\Defogger.exe 2015-03-06 15:08 - 2015-03-06 15:08 - 02092544 _____ (Farbar) C:\Users\Besitzer\Downloads\FRST64.exe 2015-03-06 15:08 - 2015-03-06 15:08 - 00380416 _____ () C:\Users\Besitzer\Downloads\Gmer-19357.exe 2015-03-06 14:21 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\1366.tmp 2015-03-06 14:08 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\2030.tmp 2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 ____D () C:\Program Files (x86)\Sophos 2015-03-06 14:00 - 2015-03-06 14:00 - 00003186 _____ () C:\Windows\System32\Tasks\{906A96A5-4B4C-488D-BF30-A8AF8F8FF547} 2015-03-06 13:56 - 2015-03-06 13:56 - 00003180 _____ () C:\Windows\System32\Tasks\{DFE22B96-877E-43BA-8F3F-6AF3E3146E08} 2015-03-06 13:52 - 2015-03-06 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-03-06 11:04 - 2015-03-06 11:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-05 22:32 - 2015-03-06 10:26 - 00000224 _____ () C:\Windows\setupact.log 2015-03-05 22:32 - 2015-03-05 22:32 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-05 21:35 - 2015-03-05 21:35 - 00001008 _____ () C:\Users\Besitzer\Desktop\Santa Claus in trouble ...again! - Demo.lnk 2015-03-05 21:35 - 2015-03-05 21:35 - 00001008 _____ () C:\Users\Administrator.LAVAMAT\Desktop\Santa Claus in trouble ...again! - Demo.lnk 2015-03-05 21:35 - 2015-03-05 21:35 - 00000000 ___DC () C:\Spiele) 2015-03-05 21:35 - 2015-03-05 21:35 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Santa Claus in trouble ...again! - Demo 2015-03-05 21:35 - 2015-03-05 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Santa Claus in trouble ...again! - Demo 2015-03-05 21:34 - 2015-03-05 21:34 - 00000000 ____D () C:\Users\Besitzer\Desktop\SantaIIDemo 2015-03-05 05:45 - 2015-03-05 05:49 - 00020784 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\mi2c.sys 2015-03-03 05:57 - 2015-03-03 06:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Besitzer\Downloads\mbar-1.09.1.1004.exe 2015-03-03 05:53 - 2015-03-06 15:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-03 05:53 - 2015-03-03 06:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-03 05:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-03 05:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-03 04:25 - 2015-03-03 04:25 - 00000000 ____D () C:\Users\Besitzer\Downloads\mbam-chameleon-3.1.7.0 2015-03-02 02:20 - 2015-03-02 02:20 - 00001317 _____ () C:\Users\Administrator.LAVAMAT\Desktop\Santa Claus in Trouble.lnk 2015-03-02 02:20 - 2015-03-02 02:20 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Santa Claus in Trouble 2015-03-02 02:20 - 2015-03-02 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Santa Claus in Trouble 2015-03-02 02:20 - 2015-03-02 02:20 - 00000000 ____D () C:\Program Files (x86)\Spiele 2015-02-28 16:57 - 2015-03-05 05:56 - 00000000 ____D () C:\Program Files (x86)\AOC-i-Menu 2015-02-28 16:57 - 2015-02-28 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Menu 2015-02-28 16:56 - 2015-02-28 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen+ 2015-02-28 16:56 - 2015-02-28 16:56 - 00000000 ____D () C:\Program Files (x86)\AOC-Screen+ 2015-02-28 11:26 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-02-28 11:23 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-02-28 11:23 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-02-28 11:23 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-02-28 11:23 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-02-28 11:22 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-02-28 11:22 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-02-25 20:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 20:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-20 20:20 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-20 20:20 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-20 20:20 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-20 20:20 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-12 11:30 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 11:30 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 11:30 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 11:30 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 19:18 - 2015-02-11 19:18 - 00000000 ____D () C:\Users\Besitzer\Eigener Kram\PassionFruit Games 2015-02-11 16:14 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 16:14 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 16:14 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 16:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 16:14 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 16:14 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 16:13 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 16:13 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 16:13 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 16:13 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 16:13 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 16:13 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 16:13 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 16:13 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 16:13 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 16:13 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 16:13 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 16:13 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 16:13 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 16:13 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 16:13 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 16:13 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 16:13 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 16:13 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 16:13 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 16:13 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 16:13 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 16:13 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 16:13 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 16:13 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 16:13 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 16:13 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 16:13 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 16:13 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 16:13 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 16:13 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 16:13 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 16:13 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 16:13 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 16:13 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 16:13 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 16:13 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 16:13 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 16:13 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 16:13 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 16:13 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 16:13 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 16:13 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 16:13 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 16:13 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 16:13 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 16:13 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 16:13 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 16:13 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 16:13 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 16:13 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 16:13 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 16:13 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 16:13 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 16:13 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 16:12 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 16:12 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 16:12 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 16:12 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 16:12 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 16:12 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 16:12 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 16:12 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 16:12 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 16:12 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 16:12 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 16:12 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 16:12 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 16:12 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 16:12 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 16:12 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 16:12 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 16:12 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 16:12 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 16:12 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 16:12 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 16:12 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 16:12 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 16:12 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 16:12 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 16:12 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 16:12 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 16:12 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 16:12 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 16:12 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 16:12 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 16:12 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 16:12 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 16:12 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 16:12 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 16:12 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 16:12 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 16:12 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 16:11 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 16:11 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 16:11 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 16:11 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 16:11 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 16:11 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 16:11 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 16:11 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 16:11 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 16:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-06 21:41 - 2013-07-06 14:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-06 21:27 - 2014-07-01 00:33 - 01123687 _____ () C:\Windows\WindowsUpdate.log 2015-03-06 15:58 - 2011-04-01 10:03 - 00000000 ___RD () C:\Users\Besitzer 2015-03-06 15:41 - 2014-09-04 04:29 - 00000000 ____D () C:\ProgramData\Origin 2015-03-06 15:41 - 2014-09-04 04:29 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-03-06 14:21 - 2011-04-03 22:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-06 13:52 - 2013-07-13 01:05 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2015-03-06 13:52 - 2011-04-01 23:35 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-03-06 13:42 - 2013-05-31 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-06 13:42 - 2013-04-02 19:16 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Mp3tag 2015-03-06 13:38 - 2013-12-05 20:37 - 00000000 ___RD () C:\Users\Besitzer\Desktop\Aktuell 2015-03-06 13:21 - 2014-04-29 10:33 - 00022528 ____H () C:\Users\Besitzer\Desktop\photothumb.db 2015-03-06 13:10 - 2014-10-25 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-06 11:36 - 2012-03-31 20:32 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\vlc 2015-03-06 10:58 - 2009-07-14 05:45 - 00023712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-06 10:58 - 2009-07-14 05:45 - 00023712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-06 10:26 - 2011-04-01 10:01 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-06 10:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-05 21:34 - 2011-04-03 22:35 - 00000000 ___RD () C:\Spiele 2015-03-05 07:51 - 2009-07-14 18:58 - 00699456 _____ () C:\Windows\system32\perfh007.dat 2015-03-05 07:51 - 2009-07-14 18:58 - 00149596 _____ () C:\Windows\system32\perfc007.dat 2015-03-05 07:51 - 2009-07-14 06:13 - 01620784 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-04 04:56 - 2012-10-25 16:02 - 00000000 ___RD () C:\Users\Besitzer\Eigener Kram\Privates 2015-03-03 07:03 - 2011-11-29 18:17 - 00000000 ____D () C:\Windows\pss 2015-03-03 05:53 - 2014-12-25 21:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-03 01:36 - 2012-08-09 20:25 - 00000000 ___RD () C:\Users\Besitzer\Eigener Kram\Alice 2015-03-02 01:41 - 2009-07-14 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-28 11:26 - 2014-07-16 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-02-24 18:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-02-21 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-20 20:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-12 11:58 - 2013-12-03 02:40 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-02-12 11:58 - 2013-12-03 02:40 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-02-12 11:58 - 2013-12-03 02:40 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-02-11 20:34 - 2013-05-05 12:25 - 00408952 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-11 20:31 - 2014-12-10 07:44 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-11 20:31 - 2014-04-30 15:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-11 20:11 - 2013-08-15 02:35 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 20:03 - 2011-11-21 00:56 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-11 19:18 - 2012-04-26 23:02 - 00000000 ___RD () C:\Users\Besitzer\Eigener Kram 2015-02-06 17:41 - 2013-07-06 14:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-06 17:41 - 2012-04-01 14:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-06 17:41 - 2011-11-20 22:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 22:01 - 2015-01-23 02:09 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-02-05 22:01 - 2014-07-16 20:17 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-02-05 22:01 - 2014-07-16 20:17 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-02-05 22:01 - 2013-11-19 16:33 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-02-05 22:01 - 2011-10-21 18:56 - 00027441 _____ () C:\Windows\system32\nvinfo.pb 2015-02-05 20:07 - 2010-10-16 12:13 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-02-05 20:07 - 2010-10-16 12:13 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-02-05 20:07 - 2010-10-16 12:13 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-02-05 20:07 - 2010-10-16 12:13 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-02-05 20:07 - 2010-07-09 15:17 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-02-05 20:06 - 2010-10-16 12:13 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-02-05 13:50 - 2012-05-11 23:08 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin ==================== Files in the root of some directories ======= 2012-08-05 23:14 - 2012-08-08 16:48 - 0000048 _____ () C:\Users\Besitzer\AppData\Roaming\AcroIEHelpe.txt 2012-08-09 02:18 - 2012-08-09 05:20 - 0000017 _____ () C:\Users\Besitzer\AppData\Roaming\blckdom.res 2013-06-10 21:20 - 2013-06-10 21:20 - 0000046 _____ () C:\Users\Besitzer\AppData\Roaming\Camdata.ini 2013-06-10 21:20 - 2013-06-10 21:20 - 0000408 _____ () C:\Users\Besitzer\AppData\Roaming\CamLayout.ini 2013-06-10 21:20 - 2013-06-10 21:20 - 0000408 _____ () C:\Users\Besitzer\AppData\Roaming\CamShapes.ini 2013-06-10 21:19 - 2013-06-10 21:20 - 0004510 _____ () C:\Users\Besitzer\AppData\Roaming\CamStudio.cfg 2011-04-01 23:17 - 2011-11-20 15:42 - 0000146 _____ () C:\Users\Besitzer\AppData\Roaming\default.rss 2011-04-07 00:03 - 2011-04-07 00:03 - 0000000 _____ () C:\Users\Besitzer\AppData\Roaming\downloads.m3u 2014-08-30 05:17 - 2014-08-30 05:22 - 0000826 _____ () C:\Users\Besitzer\AppData\Roaming\LiveSupport.exe_log.txt 2014-08-30 05:17 - 2014-08-30 05:22 - 0000092 _____ () C:\Users\Besitzer\AppData\Roaming\regsvr32.exe_log.txt 2012-08-05 23:14 - 2012-08-05 23:14 - 0000264 _____ () C:\Users\Besitzer\AppData\Roaming\srvblck5.tmp 2011-04-02 01:47 - 2011-04-02 01:47 - 0033134 _____ () C:\Users\Besitzer\AppData\Roaming\UserTile.png 2013-12-19 02:46 - 2013-12-19 02:46 - 0005632 _____ () C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-01 22:01 - 2013-12-01 22:01 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Besitzer\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-06 17:17 ==================== End Of Log ============================ GMER GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-03-06 21:59:30 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005d ST350041 rev.CC46 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Besitzer\AppData\Local\Temp\awrdapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000075e63f1c 5 bytes JMP 0000000157518c00 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\USER32.dll!SetWindowPos 00000000767a8e4e 5 bytes JMP 00000001575180f0 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 0000000157517ed0 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\USER32.dll!SetFocus 00000000767b2175 5 bytes JMP 0000000157517fe0 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\USER32.dll!SetActiveWindow 00000000767b3208 5 bytes JMP 0000000157518200 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\USER32.dll!BringWindowToTop 00000000767b7b3b 5 bytes JMP 0000000157517c00 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 00000000767cf170 5 bytes JMP 0000000157517af0 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 00000000767e90fc 5 bytes JMP 0000000157517d10 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 0000000076807d97 5 bytes JMP 0000000157517dc0 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\ole32.dll!DoDragDrop 000000007606a827 5 bytes JMP 0000000157517a00 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077121401 2 bytes JMP 75e8b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077121419 2 bytes JMP 75e8b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077121431 2 bytes JMP 75f08ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007712144a 2 bytes CALL 75e648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771214dd 2 bytes JMP 75f087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771214f5 2 bytes JMP 75f08978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007712150d 2 bytes JMP 75f08698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077121525 2 bytes JMP 75f08a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007712153d 2 bytes JMP 75e7fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077121555 2 bytes JMP 75e868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007712156d 2 bytes JMP 75f08f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077121585 2 bytes JMP 75f08ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007712159d 2 bytes JMP 75f0865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771215b5 2 bytes JMP 75e7fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771215cd 2 bytes JMP 75e8b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771216b2 2 bytes JMP 75f08e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771216bd 2 bytes JMP 75f085f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077121401 2 bytes JMP 75e8b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077121419 2 bytes JMP 75e8b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077121431 2 bytes JMP 75f08ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007712144a 2 bytes CALL 75e648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771214dd 2 bytes JMP 75f087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771214f5 2 bytes JMP 75f08978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007712150d 2 bytes JMP 75f08698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077121525 2 bytes JMP 75f08a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007712153d 2 bytes JMP 75e7fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077121555 2 bytes JMP 75e868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007712156d 2 bytes JMP 75f08f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077121585 2 bytes JMP 75f08ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007712159d 2 bytes JMP 75f0865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771215b5 2 bytes JMP 75e7fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771215cd 2 bytes JMP 75e8b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771216b2 2 bytes JMP 75f08e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies DE\PlantsVsZombies.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771216bd 2 bytes JMP 75f085f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077121401 2 bytes JMP 75e8b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077121419 2 bytes JMP 75e8b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077121431 2 bytes JMP 75f08ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007712144a 2 bytes CALL 75e648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771214dd 2 bytes JMP 75f087a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771214f5 2 bytes JMP 75f08978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007712150d 2 bytes JMP 75f08698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077121525 2 bytes JMP 75f08a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007712153d 2 bytes JMP 75e7fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077121555 2 bytes JMP 75e868ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007712156d 2 bytes JMP 75f08f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077121585 2 bytes JMP 75f08ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007712159d 2 bytes JMP 75f0865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771215b5 2 bytes JMP 75e7fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771215cd 2 bytes JMP 75e8b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771216b2 2 bytes JMP 75f08e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Besitzer\Downloads\Defogger.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771216bd 2 bytes JMP 75f085f1 C:\Windows\syswow64\kernel32.dll ---- EOF - GMER 2.1 ---- |
|
07.03.2015, 10:14
| #2 |
| /// the machine /// TB-Ausbilder    | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Addition.txt fehlt noch 
__________________ |
|
07.03.2015, 14:45
| #3 |
| | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Vielen Dank für die schnelle Rückmeldung!
__________________Ich hoffe, es ist so richtig: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:24 on 06/03/2015 (Besitzer) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST Logfile: FRST Logfile: |
|
07.03.2015, 19:00
| #4 |
| /// the machine /// TB-Ausbilder | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.03.2015, 21:12
| #5 |
| | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Hallo Schrauber, sag mal, habe ich das gestern mit dem Defogger (Ausschalten der Laufwerksemulatoren) richtig gemacht und sind die wieder an? Gestern habe ich nämlich auf einmal keine Berechtigung mehr gehabt, den Avira-Echtzeitschutz wieder zu aktivieren. Das ging erst heute wieder und während des Hochfahrens sagte der PC mir auch, er wäre nicht korrekt beendet worden, obwohl ich ihn eigentlich wie immer runtergefahren habe. So, nun die Combofix-Logdatei. Vorab, folgende Fehler sind passiert: Starte Win neu... Bitte warten etc. und dann: Warning! Unable to create a backup of the current registry file C:\Windows\System32\config\system ! Continue restoring of this file? WTF Yes Error restoring C:\Windows\erdnt\subs\system to C:\Windows\System32\config\system ! Continue with the next file? Yes? [RegReplaceKey:5-Zugriff verweigert] Continue restoring with the next file? No? Nach dem Hochfahren war Avira dann plötzlich weg und auch die Option "Ausgeblendete Symbole einblenden". Hab dann erneut Neustart gemacht und alles wieder da. Code:
ATTFilter ComboFix 15-03-01.01 - Besitzer 07.03.2015 20:28:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2815.1657 [GMT 1:00]
ausgeführt von:: c:\users\Besitzer\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\background.html
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\content.js
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\lsdb.js
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\manifest.json
c:\users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\background.html
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\content.js
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\lsdb.js
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\manifest.json
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\background.html
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\content.js
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\lsdb.js
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\manifest.json
c:\users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js
c:\users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Besitzer\AppData\Roaming\14001.008
c:\users\Besitzer\AppData\Roaming\14001.008\chrome.manifest
c:\users\Besitzer\AppData\Roaming\14001.008\components\AcroFF.txt
c:\users\Besitzer\AppData\Roaming\14001.008\install.rdf
c:\users\Besitzer\AppData\Roaming\14001.009
c:\users\Besitzer\AppData\Roaming\14001.009\chrome.manifest
c:\users\Besitzer\AppData\Roaming\14001.009\components\AcroFF.txt
c:\users\Besitzer\AppData\Roaming\14001.009\install.rdf
c:\users\Besitzer\AppData\Roaming\14001.010
c:\users\Besitzer\AppData\Roaming\14001.010\chrome.manifest
c:\users\Besitzer\AppData\Roaming\14001.010\components\AcroFF.txt
c:\users\Besitzer\AppData\Roaming\14001.010\install.rdf
c:\users\Besitzer\AppData\Roaming\AcroIEHelpe.txt
c:\users\Besitzer\AppData\Roaming\Microsoft\Windows\Templates\VideoSpin_2_0_Setup.exe
c:\users\Besitzer\AppData\Roaming\Roaming
c:\users\Besitzer\AppData\Roaming\srvblck5.tmp
c:\users\Besitzer\AppData\Roaming\Start
c:\users\Besitzer\AppData\Roaming\Start\temp_BB40E0B5\flash.10.0.32.18.ocx
C:\Win
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-02-07 bis 2015-03-07 ))))))))))))))))))))))))))))))
.
.
2015-03-06 20:43 . 2015-03-06 20:45 -------- dc----w- C:\FRST
2015-03-06 13:21 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\1366.tmp
2015-03-06 13:08 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\2030.tmp
2015-03-06 12:52 . 2015-03-06 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-03-06 12:52 . 2015-03-06 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-03-06 12:52 . 2015-03-06 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-03-06 12:52 . 2015-03-06 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-03-06 12:52 . 2015-03-06 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-03-05 20:35 . 2015-03-05 20:35 -------- dc----w- C:\Spiele)
2015-03-05 04:45 . 2015-03-05 04:49 20784 ----a-w- c:\windows\system32\drivers\mi2c.sys
2015-03-04 18:41 . 2015-03-04 18:41 -------- d-----w- c:\users\Besitzer\AppData\Local\ElevatedDiagnostics
2015-03-03 04:53 . 2015-03-06 14:23 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 04:53 . 2015-03-03 05:24 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-03 04:53 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-03 04:53 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-02 01:20 . 2015-03-02 01:20 -------- d-----w- c:\program files (x86)\Spiele
2015-02-28 15:57 . 2015-03-05 04:56 -------- d-----w- c:\program files (x86)\AOC-i-Menu
2015-02-28 15:56 . 2015-02-28 15:56 -------- d-----w- c:\program files (x86)\AOC-Screen+
2015-02-28 10:26 . 2015-02-05 17:57 621384 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-02-28 10:23 . 2015-02-05 21:01 995248 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-02-28 10:23 . 2015-02-05 21:01 877816 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-02-28 10:23 . 2015-02-05 21:01 13294528 ----a-w- c:\windows\system32\nvopencl.dll
2015-02-28 10:23 . 2015-02-05 21:01 10773704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-02-20 19:20 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-20 19:20 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-20 19:20 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-20 19:20 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-12 10:30 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 10:30 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 10:30 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-12 10:30 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 15:14 . 2015-01-12 02:56 49664 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-02-11 15:14 . 2015-01-12 02:48 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-02-11 15:14 . 2015-01-12 02:34 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-02-11 15:14 . 2015-01-12 02:15 276480 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2015-02-11 15:14 . 2015-01-12 02:07 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-02-11 15:14 . 2015-01-12 02:05 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-02-11 15:12 . 2015-01-10 06:48 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-02-11 15:11 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 15:11 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 15:11 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 15:11 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 15:11 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 15:11 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 15:11 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 15:11 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-11 15:11 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 15:11 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-12 10:58 . 2013-12-03 01:40 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-02-12 10:58 . 2013-12-03 01:40 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-02-12 10:58 . 2013-12-03 01:40 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-02-11 19:03 . 2011-11-20 23:56 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-06 16:41 . 2012-04-01 13:01 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-06 16:41 . 2011-11-20 21:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 21:01 . 2015-01-23 01:09 18575880 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-02-05 21:01 . 2014-07-16 19:17 14119744 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-05 21:01 . 2014-07-16 19:17 3299512 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-05 21:01 . 2013-11-19 15:33 16017040 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-05 19:07 . 2010-10-16 11:13 6861128 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2010-10-16 11:13 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2010-10-16 11:13 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2010-10-16 11:13 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:07 . 2010-07-09 14:17 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-05 19:06 . 2010-10-16 11:13 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-05 12:50 . 2012-05-11 22:08 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
2015-01-13 04:15 . 2015-01-23 01:09 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-01-10 08:07 . 2015-01-23 01:09 1895240 ----a-w- c:\windows\system32\nvdispco6434725.dll
2015-01-10 08:07 . 2015-01-23 01:09 1556808 ----a-w- c:\windows\system32\nvdispgenco6434725.dll
2014-12-19 03:06 . 2015-01-13 21:35 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 21:35 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-13 10:08 . 2014-12-23 17:47 1556624 ----a-w- c:\windows\system32\nvdispgenco6434709.dll
2014-12-13 10:08 . 2014-12-23 17:47 1895056 ----a-w- c:\windows\system32\nvdispco6434709.dll
2014-12-11 17:47 . 2015-01-13 21:35 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-03 703280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1050 J410 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN09Q2H2SQ05HW;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1366.tmp;c:\windows\SYSNATIVE\1366.tmp [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtenic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys;c:\windows\SYSNATIVE\drivers\mi2c.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 19:44 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-11-19 13662936]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-17 2465088]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = www.google.com
mStart Page = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45271E45-F8EE-4CF0-8150-EB4AE68EA381}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{68CBE66B-5D8F-4E63-8AA6-FB12EFDEB1FD}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - (no file)
Wow6432Node-HKU-Default-Run-Advanced SystemCare 7 - c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Alex Gordon - k:\docume~1\SPIELE\PURPLE~1\ALEXGO~1\UNWISE.EXE
AddRemove-Jumpin'Jack - k:\purple~1\JUMPIN~1\UNWISE.EXE
AddRemove-Turtix - k:\purple~1\TURTIX\UNWISE.EXE
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-sc15-GAMETWIST_MAIN - c:\spiele\Neuer Ordner\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1366.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2472162299-3273411272-195361004-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dc,4b,81,36,a0,bc,3e,a4,74,79,a1,8d,b0,21,6d,42,84,39,9d,6c,10,9e,9a,
30,a1,04,46,c9,56,8c,d3,05,d0,dc,e0,74,f6,d5,78,8c,5f,f5,dc,af,2a,32,d0,6d,\
"??"=hex:e6,a2,64,73,b5,50,4e,15,ea,9d,db,4c,ea,f0,2a,cc
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-07 20:51:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-03-07 19:51
.
Vor Suchlauf: 12 Verzeichnis(se), 62.681.690.112 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 62.501.539.840 Bytes frei
.
- - End Of File - - 86241DC008747A165EB22896692AA55B
A36C5E4F47E84449FF07ED3517B43A31
|
|
08.03.2015, 14:47
| #6 |
| /// the machine /// TB-Ausbilder | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos |
|
08.03.2015, 18:59
| #7 |
| | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos MBAM ohne Befund.AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 08/03/2015 um 16:25:11
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Besitzer - LAVAMAT
# Gestarted von : C:\Users\Besitzer\Downloads\AdwCleaner_4.111.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\foxydeal.sqlite
Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\invalidprefs.js
Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\tsduhzvm.default\user.js
Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\regsvr32.exe_log.txt
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\f74991b68ba9d484
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
Ordner Gefunden : C:\ProgramData\PC Drivers HeadQuarters
Ordner Gefunden : C:\Users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser
Ordner Gefunden : C:\Users\Administrator.LAVAMAT\AppData\Local\torch
Ordner Gefunden : C:\Users\Besitzer\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\DesktopIconForAmazon
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\OCS
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\ParetoLogic
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\PerformerSoft
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\RHEng
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\Toolplugin
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\StumbleUpon
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\RegisteredApplicationsEx
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gefunden : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v36.0.1 (x86 de)
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.DockingPositionDown", false);
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false);
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.Visibility", true);
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.countryiso", "de");
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.downloadprovider", "vittalia");
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.installationid", "81a4092d-8c5b-2c31-affa-20c79ca8b795");
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.installdate", "15/11/2013");
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.helperbar.publisher", "vittalia");
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.quick_start.enable_search1", false);
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.sdfICxw_hBWP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
[p0li2xkm.default] - Zeile Gefunden : user_pref("extensions.tyW1.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
-\\ Google Chrome v40.0.2214.115
-\\ Chrome Canary v
*************************
AdwCleaner[R0].txt - [16643 Bytes] - [08/03/2015 16:25:11]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16703 Bytes] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 08/03/2015 um 16:28:54
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Besitzer - LAVAMAT
# Gestarted von : C:\Users\Besitzer\Downloads\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\PC Drivers HeadQuarters
Ordner Gelöscht : C:\ProgramData\f74991b68ba9d484
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
Ordner Gelöscht : C:\Users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator.LAVAMAT\AppData\Local\torch
Ordner Gelöscht : C:\Users\Besitzer\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\Toolplugin
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\RHEng
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\invalidprefs.js
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\tsduhzvm.default\user.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\StumbleUpon
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v36.0.1 (x86 de)
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Visibility", true);
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.countryiso", "de");
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.downloadprovider", "vittalia");
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.installationid", "81a4092d-8c5b-2c31-affa-20c79ca8b795");
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.installdate", "15/11/2013");
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.publisher", "vittalia");
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.sdfICxw_hBWP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sum[...]
[p0li2xkm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.tyW1.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.ne[...]
-\\ Google Chrome v40.0.2214.115
-\\ Chrome Canary v
*************************
AdwCleaner[R0].txt - [17019 Bytes] - [08/03/2015 16:25:11]
AdwCleaner[S0].txt - [16708 Bytes] - [08/03/2015 16:28:54]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16768 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Besitzer on 08.03.2015 at 18:42:58,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\AlawarWrapper
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\p0li2xkm.default\extensions\toolbar@web.de
Successfully deleted the following from C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\p0li2xkm.default\prefs.js
user_pref("extensions.tyW1.url", "hxxp://getsync.info/sync2/?q=hfZ9ofV9CShEAen0rjrEqihTB6lKDzt4okmxtNtVh7n0rjnEqHa5rjrFqHkGtMFHhd9Fqda6rjnFpdr6rHrMDMlGojUMAe4UojCGqdw9rjr7rdCH
Emptied folder: C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\p0li2xkm.default\minidumps [463 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.03.2015 at 18:47:18,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by Besitzer at 2015-03-08 18:49:29
Running from C:\Users\Besitzer\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Alabama Smith: Flucht aus Pompeji (HKLM-x32\...\Alabama Smith: Flucht aus Pompeji) (Version: 0.0.0.0 - INTENIUM GmbH)
Alex Gordon (HKLM-x32\...\Alex Gordon) (Version: - )
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Beetle Ju 2 (HKLM-x32\...\Beetle Ju 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BriefeAusDemJenseits (HKLM-x32\...\{FFAB08E3-956E-4155-8DDD-758094D426DB}) (Version: 1.00.0000 - Intenium GmbH)
Bubble Odyssey 1.0 (HKLM-x32\...\Bubble Odyssey_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Codec Decoder Pack (HKLM-x32\...\Codec Decoder Pack) (Version: 1.0 - Codec Decoder)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Der bartlose Zauberer (HKLM-x32\...\Der bartlose Zauberer) (Version: 2.0.0.0 - INTENIUM GmbH)
Der Exorzist (HKLM-x32\...\Der Exorzist) (Version: 1.0.0.0 - INTENIUM GmbH)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.14 - INTENIUM GmbH)
Die Tuttles (HKLM-x32\...\Die Tuttles) (Version: - )
Dr Kawashima (HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\DrKawashima) (Version: 1.0 - )
Druids: Operation Mistelzweig (HKLM-x32\...\Druids: Operation Mistelzweig) (Version: 1.0.0.0 - INTENIUM GmbH)
Farm Frenzy 3 - Ice Age (HKLM-x32\...\{F02C0332-6167-4A5A-92E8-A401946278D3}) (Version: 1.00.0000 - PurpleHills)
Folderico 4.0 RC12 (HKLM-x32\...\Folderico) (Version: 4.0 RC12 - Shedko ( www.softq.org ))
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Alarm Clock 3.0.3 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.0 - Comfort Software Group)
Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haus der 1000 Türen 2: Das Juwel des Zarathustra (HKLM-x32\...\Haus der 1000 Türen 2: Das Juwel des Zarathustra) (Version: 1.0.0.0 - INTENIUM GmbH)
Haus der 1000 Türen: Familiengeheimnisse (HKLM-x32\...\Haus der 1000 Türen: Familiengeheimnisse) (Version: 1.0.0.0 - INTENIUM GmbH)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Hurrican 1.0.0.4 (HKLM-x32\...\Hurrican_is1) (Version: 1.0.0.4 - Poke53280)
IcoFX 1.6.4 (HKLM-x32\...\IcoFX_is1) (Version: - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
i-Menu version 4.3.1 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.1 - AOC)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Jumpin'Jack (HKLM-x32\...\Jumpin'Jack) (Version: - )
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kingdom Chronicles: Königreich in Gefahr (HKLM-x32\...\Kingdom Chronicles: Königreich in Gefahr) (Version: 1.0.0.0 - INTENIUM GmbH)
Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version: - Daniel Rebelo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Moai: Erschaffe deinen Traum (HKLM-x32\...\Moai: Erschaffe deinen Traum) (Version: 1.0.0.0 - INTENIUM GmbH)
Moorhuhn Atlantis (HKLM-x32\...\Moorhuhn Atlantis) (Version: - )
Moorhuhn Schatzjäger 3 (HKLM-x32\...\Moorhuhn Schatzjäger 3) (Version: 1.00 - phenomedia publishing gmbh)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mysteriez - Versteckte Zahlen (HKLM-x32\...\Mysteriez - Versteckte Zahlen) (Version: - )
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Prince of Persia T2T (HKLM-x32\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: - )
PuppetShow: Ruckkehr nach Joyville (HKLM-x32\...\BFG-PuppetShow - Rueckkehr nach Joyville) (Version: - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Santa Claus in Trouble (HKLM-x32\...\Santa Claus in Trouble) (Version: - )
Santa Claus in trouble ...again! - Demo (HKLM-x32\...\Santa Claus in trouble ...again! - Demo) (Version: - )
Schatzjäger (HKLM-x32\...\Schatzjäger) (Version: - phenomedia publishing gmbh)
Schatzjäger 2 (HKLM-x32\...\{1D0DD240-7752-48B5-A6EF-AC6509E16ABE}) (Version: 1.00.0000 - )
Screen+ version Screen+ 1.2.1 (HKLM\...\Screen+_is1) (Version: Screen+ 1.2.1 - AOC)
Sherlock Holmes und der Hund der Baskervilles (HKLM-x32\...\Sherlock Holmes und der Hund der Baskervilles) (Version: 1.0.0.0 - INTENIUM GmbH)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Sky Taxi 4: Streng Geheim (HKLM-x32\...\Sky Taxi 4: Streng Geheim) (Version: 1.0.0.0 - INTENIUM GmbH)
Supercow (VOLLVERSION) (HKLM-x32\...\Supercow (VOLLVERSION)) (Version: - )
SuperTux Version 0.3.4 (HKLM-x32\...\{5095BBEC-9A2F-4DA1-B5EF-511C728A2FF6}_is1) (Version: 0.3.4 - SuperTux Development Team)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tiger Eye (HKLM-x32\...\Tiger Eye) (Version: - )
Tiger Eye: Die Opfergabe (HKLM-x32\...\BFG-Tiger Eye - Die Opfergabe) (Version: - )
Timeless: Die vergessene Stadt (HKLM-x32\...\BFG-Timeless - Die vergessene Stadt) (Version: - )
Turtix (HKLM-x32\...\Turtix) (Version: - )
Turtix 2 (HKLM-x32\...\Turtix 2) (Version: 0.0.0.0 - INTENIUM GmbH)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Voodoo Chronicles (HKLM-x32\...\{947E7026-E000-4159-86BC-6B9855EC4517}) (Version: 1.00.0000 - PurpleHills)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
World Riddles: Secrets Of The Ages 1.0 (HKLM-x32\...\World Riddles: Secrets Of The Ages_is1) (Version: - Funny Bear Studio)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2472162299-3273411272-195361004-1000_Classes\CLSID\{01E9FAE9-3819-4dd9-B1D9-998A1C62D1F8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Restore Points =========================
12-02-2015 20:00:21 Windows Update
20-02-2015 20:39:01 Windows Update
25-02-2015 20:00:21 Windows Update
05-03-2015 05:47:04 Entfernt NETGEAR WNA3100 wireless USB 2.0 adapter
06-03-2015 13:51:27 Installed QuickTime 7
06-03-2015 14:16:18 Installed Avira RootKit Detection
06-03-2015 14:17:30 Installed Avira RootKit Detection
06-03-2015 14:18:34 Configured Avira RootKit Detection
06-03-2015 14:21:14 Removed Avira RootKit Detection
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-03-07 20:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0B8BE318-7B69-461A-8C64-0EB3DD41DAC3} - System32\Tasks\{C1561D4A-B44B-49DD-A0F8-EF52562CBD95} => pcalua.exe -a "C:\Program Files\Eigene Programme\VLC\VLCPortable\VLCPortable.exe" -d "C:\Program Files\Eigene Programme\VLC\VLCPortable"
Task: {12FE15C5-E219-406D-A73E-9D93DB6D3E16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {3AC414A4-5971-4CFC-B60B-8636D25B8DA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {42153756-BC4F-4142-B347-80108A996A73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {4A4957CD-F67F-4A14-B9CF-C90EB3D39DEC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {57FE0623-8D4E-4FB1-91C8-9A88F98A7279} - System32\Tasks\{68A1FC85-0D22-4FFD-8AFD-E46FD6FA28CD} => pcalua.exe -a C:\Windows\SysWOW64\DivXControlPanelApplet.cpl -c DivX Control Panel
Task: {65ABCEE0-8155-427C-8661-D8EA03BCD36B} - System32\Tasks\{A5ED2DA0-1C3C-492C-AB78-B1E3EC3D00BC} => pcalua.exe -a J:\OpenOfficePortable\OpenOfficeWriterPortable.exe -d J:\OpenOfficePortable
Task: {6FC8A5D1-2675-4C4B-BB06-1BFCD7B1721C} - System32\Tasks\{906A96A5-4B4C-488D-BF30-A8AF8F8FF547} => pcalua.exe -a C:\Users\Besitzer\Downloads\avira_antivir_antirootkit_en(1).exe -d C:\Users\Besitzer\Downloads
Task: {81A2F243-F15D-4F24-81AF-29F76B55FE2D} - System32\Tasks\{7561AFB8-E02B-4BB2-B905-D83B7A1A31AB} => pcalua.exe -a "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA StereoUSB Driver\nvUSBInst.exe" -d "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA StereoUSB Driver"
Task: {81E50F47-5E83-4443-96ED-7BFA4F94689B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {8E2A7A38-D385-41AE-9304-70B125AC482D} - System32\Tasks\{205D5359-6194-4D3A-AA1F-6E0491BDCC95} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {9EACE0DB-70A3-499D-85EE-DB7847D8C932} - System32\Tasks\{4A8C9B86-D5D3-40F2-BBB0-46BBD06B0C43} => C:\Users\Besitzer\Desktop\Turtle Odyssey 2\Turtle Odyssey 2.exe
Task: {B568EABF-E7AE-418E-BC17-66A2605C9A0B} - System32\Tasks\{0D19AD70-C41F-4F22-9003-E0EAB1EE5BE0} => pcalua.exe -a E:\setup\setup.exe -d E:\setup
Task: {C3C296A5-40E8-4763-B0DF-C9D7776A8EE5} - System32\Tasks\{7840164C-A73D-4726-941A-5B45F6B89279} => pcalua.exe -a E:\Start.exe -d E:\
Task: {C9326867-66E5-4B89-80A2-C8731A92B9A8} - System32\Tasks\{4A1360EB-55A7-47DC-B77C-4C620B730949} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{F82C6574-AD88-4B40-A432-970BC77F1BD2}
Task: {D31429BC-581F-430B-A934-886EAEF9B323} - System32\Tasks\{5145A4DA-87D0-45AC-AB29-C9EE4A8A24E8} => pcalua.exe -a "C:\Program Files (x86)\OXXOGames\GPlayer\MyInstall.exe" -d C:\Windows\system32 -c ScriptUInst "C:\Program Files (x86)\OXXOGames\GPlayer\Install\\Game_NSoftSupercowCD.log"
Task: {D4C17D60-38D1-4714-9D81-1BD33E46B25C} - System32\Tasks\{B00E5003-544E-43D9-9CA9-8A38122A743F} => pcalua.exe -a "C:\Eigene Programme\VLCPortable\VLCPortable.exe" -d C:\Users\Besitzer\Videos\Flash -c "C:\Users\Besitzer\Videos\Flash\Faithless - Insomnia.flv"
Task: {F2C7EC5A-0213-416A-926C-77CBE8D63546} - System32\Tasks\{D1BB4EFD-0219-483A-BBAE-B14982220F81} => pcalua.exe -a "C:\Users\Besitzer\Desktop\Neuer Ordner\s_install.exe" -d "C:\Users\Besitzer\Desktop\Neuer Ordner"
Task: {F51ABCD2-3A7B-42A6-8941-2E6850D51057} - System32\Tasks\{2D0A611E-70E9-471E-A485-252A68A189C8} => pcalua.exe -a E:\SETUP.exe -d E:\
Task: {FBA7811A-9E7E-4C85-8DEC-14811BAF73C5} - System32\Tasks\{DE59C836-6D79-4D21-9562-2CC82BEF1148} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {FF6210FB-C7D2-466B-A1C1-17C6937D0059} - System32\Tasks\{DFE22B96-877E-43BA-8F3F-6AF3E3146E08} => pcalua.exe -a C:\Users\Besitzer\Downloads\avira_antivir_antirootkit_en.exe -d C:\Users\Besitzer\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2012-05-11 23:08 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:00F78F7C
AlternateDataStreams: C:\ProgramData\TEMP:0474F714
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:0F4A7B6A
AlternateDataStreams: C:\ProgramData\TEMP:1C611FFB
AlternateDataStreams: C:\ProgramData\TEMP:1CB3187E
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:43B12647
AlternateDataStreams: C:\ProgramData\TEMP:48862C37
AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881
AlternateDataStreams: C:\ProgramData\TEMP:72A1B66A
AlternateDataStreams: C:\ProgramData\TEMP:898C038B
AlternateDataStreams: C:\ProgramData\TEMP:8E11CC80
AlternateDataStreams: C:\ProgramData\TEMP:93C494CA
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09
AlternateDataStreams: C:\ProgramData\TEMP:BEAA72E0
AlternateDataStreams: C:\ProgramData\TEMP:C900B47A
AlternateDataStreams: C:\ProgramData\TEMP:CA1AFE85
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:DE220DE0
AlternateDataStreams: C:\ProgramData\TEMP:F264BECE
AlternateDataStreams: C:\ProgramData\TEMP:FBFC061F
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IePluginServices => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
MSCONFIG\Services: StumbleUponUpdater => 2
MSCONFIG\Services: SXDS10 => 3
MSCONFIG\Services: WSWNA3100 => 2
MSCONFIG\startupfolder: C:^Users^Besitzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
==================== Accounts: =============================
Administrator (S-1-5-21-2472162299-3273411272-195361004-500 - Administrator - Disabled) => C:\Users\Administrator.LAVAMAT
Besitzer (S-1-5-21-2472162299-3273411272-195361004-1000 - Administrator - Enabled) => C:\Users\Besitzer
Gast (S-1-5-21-2472162299-3273411272-195361004-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2472162299-3273411272-195361004-1004 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: G:\
Description: SD/MMC
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: NVIDIA GeForce 7025 / NVIDIA nForce 630a
Description: NVIDIA GeForce 7025 / NVIDIA nForce 630a
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: F:\
Description: Compact Flash
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-03-07 20:35:39.388
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-07 20:35:39.279
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 15:56:51.349
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 15:56:51.237
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 15:56:51.107
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 15:56:50.992
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 15:56:50.862
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 15:56:50.748
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 15:56:50.563
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 15:56:50.447
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 220 Processor
Percentage of memory in use: 32%
Total physical RAM: 2815.24 MB
Available physical RAM: 1910.68 MB
Total Pagefile: 5628.67 MB
Available Pagefile: 4289.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:200 GB) (Free:58.44 GB) NTFS
Drive d: (Volume) (Fixed) (Total:265.66 GB) (Free:265.54 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1D884D44)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Besitzer (administrator) on LAVAMAT on 08-03-2015 18:48:34
Running from C:\Users\Besitzer\Downloads
Loaded Profiles: Besitzer (Available profiles: Besitzer & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-31] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-31] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45271E45-F8EE-4CF0-8150-EB4AE68EA381}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{68CBE66B-5D8F-4E63-8AA6-FB12EFDEB1FD}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default
FF Homepage: google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Windows\system32\npovshelper.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Besitzer\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\searchplugins\englische-ergebnisse.xml [2014-06-05]
FF SearchPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\searchplugins\gmx-suche.xml [2014-06-05]
FF SearchPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\searchplugins\webde-suche.xml [2014-06-05]
FF Extension: Avira Browser Safety - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\abs@avira.com [2015-02-06]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\donottrackplus@abine.com [2014-11-27]
FF Extension: HTTPS-Everywhere - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\https-everywhere@eff.org [2015-01-23]
FF Extension: YouTube Unblocker - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\youtubeunblocker@unblocker.yt [2014-12-25]
FF Extension: ipFuck - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\ipfuck@p4ul.info.xpi [2013-05-20]
FF Extension: YouTube Center - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-03-02]
FF Extension: Flash Control - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2014-12-23]
FF Extension: Vlc Kontextmenü - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2014-03-26]
FF Extension: WebM Inline Player - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\webminline@player.xpi [2014-12-27]
FF Extension: Flagfox - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: NoScript - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-15]
FF Extension: ImTranslator - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-11-25]
FF Extension: {c7f8df0d-8427-448d-b759-b71533baa0f8} - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{c7f8df0d-8427-448d-b759-b71533baa0f8}.xpi [2014-12-25]
FF Extension: BetterPrivacy - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Besitzer\AppData\Roaming\14001.011
FF Extension: No Name - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\extensions\toolbar@web.de [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-25]
CHR Extension: (YouTube) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-10-25]
CHR Extension: (HTTPS Everywhere) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR Extension: (ScriptSafe) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-10-25]
CHR Extension: (Gmail) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-03] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-03] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\1366.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2015-03-05] (Nicomsoft Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 18:48 - 2015-03-08 18:48 - 00021456 _____ () C:\Users\Besitzer\Downloads\FRST.txt
2015-03-08 18:48 - 2015-03-08 18:48 - 00000000 ____D () C:\Users\Besitzer\Downloads\FRST-OlderVersion
2015-03-08 18:47 - 2015-03-08 18:47 - 00001323 _____ () C:\Users\Besitzer\Desktop\JRT.txt
2015-03-08 18:41 - 2015-03-08 18:41 - 01388333 _____ (Thisisu) C:\Users\Besitzer\Downloads\JRT.exe
2015-03-08 16:24 - 2015-03-08 16:24 - 00019376 _____ () C:\Users\Besitzer\Desktop\MBAM_ADWCleaner.odt
2015-03-08 16:22 - 2015-03-08 16:28 - 00000000 ___DC () C:\AdwCleaner
2015-03-08 16:21 - 2015-03-08 16:21 - 02126848 _____ () C:\Users\Besitzer\Downloads\AdwCleaner_4.111.exe
2015-03-08 02:10 - 2015-03-08 16:30 - 00000392 _____ () C:\Windows\setupact.log
2015-03-08 02:10 - 2015-03-08 02:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-07 20:51 - 2015-03-07 20:51 - 00031478 ____C () C:\Users\Besitzer\Desktop\ComboFix.txt
2015-03-07 20:25 - 2015-03-07 20:51 - 00000000 ___DC () C:\Qoobox
2015-03-07 20:25 - 2015-03-07 20:48 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 20:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 20:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 20:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 20:22 - 2015-03-07 20:23 - 05612482 ____R (Swearware) C:\Users\Besitzer\Downloads\ComboFix.exe
2015-03-06 22:13 - 2015-03-07 14:39 - 00000000 ____D () C:\Users\Besitzer\Desktop\Trojanerboard
2015-03-06 21:43 - 2015-03-08 18:48 - 00000000 ___DC () C:\FRST
2015-03-06 15:09 - 2015-03-06 15:09 - 00050477 _____ () C:\Users\Besitzer\Downloads\Defogger.exe
2015-03-06 15:08 - 2015-03-08 18:48 - 02095104 ____C (Farbar) C:\Users\Besitzer\Downloads\FRST64.exe
2015-03-06 15:08 - 2015-03-06 15:08 - 00380416 _____ () C:\Users\Besitzer\Downloads\Gmer-19357.exe
2015-03-06 14:21 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\1366.tmp
2015-03-06 14:08 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\2030.tmp
2015-03-06 14:00 - 2015-03-06 14:00 - 00003186 _____ () C:\Windows\System32\Tasks\{906A96A5-4B4C-488D-BF30-A8AF8F8FF547}
2015-03-06 13:56 - 2015-03-06 13:56 - 00003180 _____ () C:\Windows\System32\Tasks\{DFE22B96-877E-43BA-8F3F-6AF3E3146E08}
2015-03-06 13:52 - 2015-03-06 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-06 11:04 - 2015-03-06 11:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 21:35 - 2015-03-05 21:35 - 00001008 _____ () C:\Users\Besitzer\Desktop\Santa Claus in trouble ...again! - Demo.lnk
2015-03-05 21:35 - 2015-03-05 21:35 - 00001008 _____ () C:\Users\Administrator.LAVAMAT\Desktop\Santa Claus in trouble ...again! - Demo.lnk
2015-03-05 21:35 - 2015-03-05 21:35 - 00000000 ___DC () C:\Spiele)
2015-03-05 21:35 - 2015-03-05 21:35 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Santa Claus in trouble ...again! - Demo
2015-03-05 21:35 - 2015-03-05 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Santa Claus in trouble ...again! - Demo
2015-03-05 21:34 - 2015-03-05 21:34 - 00000000 ____D () C:\Users\Besitzer\Desktop\SantaIIDemo
2015-03-05 05:45 - 2015-03-05 05:49 - 00020784 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\mi2c.sys
2015-03-03 05:57 - 2015-03-03 06:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Besitzer\Downloads\mbar-1.09.1.1004.exe
2015-03-03 05:53 - 2015-03-08 15:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 05:53 - 2015-03-03 06:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 05:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-03 05:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-03 04:25 - 2015-03-03 04:25 - 00000000 ____D () C:\Users\Besitzer\Downloads\mbam-chameleon-3.1.7.0
2015-03-02 02:20 - 2015-03-02 02:20 - 00001317 _____ () C:\Users\Administrator.LAVAMAT\Desktop\Santa Claus in Trouble.lnk
2015-03-02 02:20 - 2015-03-02 02:20 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Santa Claus in Trouble
2015-03-02 02:20 - 2015-03-02 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Santa Claus in Trouble
2015-03-02 02:20 - 2015-03-02 02:20 - 00000000 ____D () C:\Program Files (x86)\Spiele
2015-02-28 16:57 - 2015-03-05 05:56 - 00000000 ____D () C:\Program Files (x86)\AOC-i-Menu
2015-02-28 16:57 - 2015-02-28 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Menu
2015-02-28 16:56 - 2015-02-28 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen+
2015-02-28 16:56 - 2015-02-28 16:56 - 00000000 ____D () C:\Program Files (x86)\AOC-Screen+
2015-02-28 11:26 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-28 11:23 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-28 11:23 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-28 11:23 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-28 11:23 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-28 11:22 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-25 20:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 20:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 20:20 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-20 20:20 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-20 20:20 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-20 20:20 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 11:30 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 11:30 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 11:30 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 11:30 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:18 - 2015-02-11 19:18 - 00000000 ____D () C:\Users\Besitzer\Eigener Kram\PassionFruit Games
2015-02-11 16:14 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 16:14 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 16:14 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 16:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 16:14 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 16:14 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 16:13 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 16:13 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 16:13 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 16:13 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 16:13 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 16:13 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 16:13 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 16:13 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 16:13 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 16:13 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 16:13 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 16:13 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 16:13 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 16:13 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 16:13 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 16:13 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 16:13 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 16:13 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 16:13 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 16:13 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 16:13 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 16:13 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 16:13 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 16:13 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 16:13 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 16:13 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 16:13 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 16:13 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 16:13 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 16:13 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 16:13 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 16:13 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 16:13 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 16:13 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 16:13 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 16:13 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 16:13 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 16:13 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 16:13 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 16:13 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 16:13 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 16:13 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 16:13 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 16:13 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 16:13 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 16:13 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 16:13 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 16:13 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 16:12 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 16:12 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 16:12 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 16:12 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 16:12 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 16:12 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 16:12 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 16:12 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 16:12 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 16:12 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 16:12 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 16:12 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 16:12 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 16:12 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 16:12 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 16:12 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 16:12 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 16:12 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 16:12 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:12 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 16:12 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 16:12 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 16:12 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 16:12 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 16:11 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 16:11 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 16:11 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 16:11 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 16:11 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 16:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 18:44 - 2009-07-14 05:45 - 00023712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 18:44 - 2009-07-14 05:45 - 00023712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 18:41 - 2013-07-06 14:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 18:40 - 2014-07-01 00:33 - 01233537 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 16:30 - 2011-04-01 10:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-08 16:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 15:57 - 2014-09-04 04:29 - 00000000 ____D () C:\ProgramData\Origin
2015-03-08 15:57 - 2014-09-04 04:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-07 20:51 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-07 20:44 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2015-03-07 20:43 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-03-07 20:43 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-03-07 20:43 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-03-07 20:25 - 2012-11-16 04:21 - 00000000 ____D () C:\Users\Administrator.LAVAMAT
2015-03-07 12:19 - 2014-10-25 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 22:02 - 2011-04-01 10:03 - 00000000 ___RD () C:\Users\Besitzer
2015-03-06 14:21 - 2011-04-03 22:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-06 13:52 - 2013-07-13 01:05 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-06 13:52 - 2011-04-01 23:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-06 13:42 - 2013-05-31 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-06 13:42 - 2013-04-02 19:16 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Mp3tag
2015-03-06 13:38 - 2013-12-05 20:37 - 00000000 ___RD () C:\Users\Besitzer\Desktop\Aktuell
2015-03-06 13:21 - 2014-04-29 10:33 - 00022528 ____H () C:\Users\Besitzer\Desktop\photothumb.db
2015-03-06 11:36 - 2012-03-31 20:32 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\vlc
2015-03-05 21:34 - 2011-04-03 22:35 - 00000000 ___RD () C:\Spiele
2015-03-05 07:51 - 2009-07-14 18:58 - 00699456 _____ () C:\Windows\system32\perfh007.dat
2015-03-05 07:51 - 2009-07-14 18:58 - 00149596 _____ () C:\Windows\system32\perfc007.dat
2015-03-05 07:51 - 2009-07-14 06:13 - 01620784 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-04 04:56 - 2012-10-25 16:02 - 00000000 ___RD () C:\Users\Besitzer\Eigener Kram\Privates
2015-03-03 07:03 - 2011-11-29 18:17 - 00000000 ____D () C:\Windows\pss
2015-03-03 05:53 - 2014-12-25 21:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-03 01:36 - 2012-08-09 20:25 - 00000000 ___RD () C:\Users\Besitzer\Eigener Kram\Alice
2015-03-02 01:41 - 2009-07-14 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-28 11:26 - 2014-07-16 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-24 18:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-20 20:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 11:58 - 2013-12-03 02:40 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-02-12 11:58 - 2013-12-03 02:40 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-12 11:58 - 2013-12-03 02:40 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-02-11 20:34 - 2013-05-05 12:25 - 00408952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:31 - 2014-12-10 07:44 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:31 - 2014-04-30 15:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 20:11 - 2013-08-15 02:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:03 - 2011-11-21 00:56 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 19:18 - 2012-04-26 23:02 - 00000000 ___RD () C:\Users\Besitzer\Eigener Kram
2015-02-06 17:41 - 2013-07-06 14:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 17:41 - 2012-04-01 14:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 17:41 - 2011-11-20 22:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2012-08-09 02:18 - 2012-08-09 05:20 - 0000017 _____ () C:\Users\Besitzer\AppData\Roaming\blckdom.res
2013-06-10 21:20 - 2013-06-10 21:20 - 0000046 _____ () C:\Users\Besitzer\AppData\Roaming\Camdata.ini
2013-06-10 21:20 - 2013-06-10 21:20 - 0000408 _____ () C:\Users\Besitzer\AppData\Roaming\CamLayout.ini
2013-06-10 21:20 - 2013-06-10 21:20 - 0000408 _____ () C:\Users\Besitzer\AppData\Roaming\CamShapes.ini
2013-06-10 21:19 - 2013-06-10 21:20 - 0004510 _____ () C:\Users\Besitzer\AppData\Roaming\CamStudio.cfg
2011-04-01 23:17 - 2011-11-20 15:42 - 0000146 _____ () C:\Users\Besitzer\AppData\Roaming\default.rss
2011-04-07 00:03 - 2011-04-07 00:03 - 0000000 _____ () C:\Users\Besitzer\AppData\Roaming\downloads.m3u
2011-04-02 01:47 - 2011-04-02 01:47 - 0033134 _____ () C:\Users\Besitzer\AppData\Roaming\UserTile.png
2013-12-19 02:46 - 2013-12-19 02:46 - 0005632 _____ () C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-01 22:01 - 2013-12-01 22:01 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Besitzer\AppData\Local\Temp\avgnt.exe
C:\Users\Besitzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Besitzer\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-06 17:17
==================== End Of Log ============================
|
|
08.03.2015, 19:45
| #8 |
| /// the machine /// TB-Ausbilder | Win 7 - nach Spieldownload und Schein-Installation Probleme und ChaosESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.03.2015, 00:11
| #9 |
| | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Hallo Schrauber, PC meldet nach dem Hochfahren einen Sound für Fehler bei der Geräteverbindung. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=a1546b37c570634db9578dd00f5efe0d # engine=22812 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-08 10:46:50 # local_time=2015-03-08 11:46:50 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 52312973 177484660 0 0 # scanned=285987 # found=12 # cleaned=0 # scan_time=10296 sh=E33C6DA49B113D8A1E87E923CBCD69CD0BADD173 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js.vir" sh=7825FEE4A96595DC343E6361396C0FC63BF457EF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js.vir" sh=E33C6DA49B113D8A1E87E923CBCD69CD0BADD173 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js.vir" sh=7825FEE4A96595DC343E6361396C0FC63BF457EF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js.vir" sh=E33C6DA49B113D8A1E87E923CBCD69CD0BADD173 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js.vir" sh=7825FEE4A96595DC343E6361396C0FC63BF457EF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js.vir" sh=E33C6DA49B113D8A1E87E923CBCD69CD0BADD173 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js.vir" sh=7825FEE4A96595DC343E6361396C0FC63BF457EF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js.vir" sh=E33C6DA49B113D8A1E87E923CBCD69CD0BADD173 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js.vir" sh=7825FEE4A96595DC343E6361396C0FC63BF457EF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator.LAVAMAT\AppData\Local\Torch\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js.vir" sh=E33C6DA49B113D8A1E87E923CBCD69CD0BADD173 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cbdjgldcmhokacdplahfconcplcblicc\207\c4ps9Efm.js.vir" sh=7825FEE4A96595DC343E6361396C0FC63BF457EF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Besitzer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pinmfpdncegkhldodlaohgeobpmdneie\3.9\n755LydU17_D.js.vir" UNSUPPORTED OPERATING SYSTEM! ABORTED! FRST Logfile: |
|
09.03.2015, 13:14
| #10 |
| /// the machine /// TB-Ausbilder | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Ist da auch was Externes angeschlossen? Rest von Oben noch bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.03.2015, 16:07
| #11 |
| | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Nein, nichts externes. Ich habe aber einen Card-Reader für meine Speicherkarte im Handy, einen USB-Stick mit Musik und einen mit privaten Bildern. Welchen Rest meinst Du? Gruß, Baba Yaga |
|
10.03.2015, 09:27
| #12 | ||
| /// the machine /// TB-Ausbilder | Win 7 - nach Spieldownload und Schein-Installation Probleme und ChaosZitat:
Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.03.2015, 15:37
| #13 |
| | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Wenn ich denn PC hochfahre kommt der Sound, ohne das etwas angeschlossen ist. Hab noch vergessen zu erwähnen, dass ich einen Hub für kabellose Maus und Tastatur habe, aber die funktionieren. Vor kurzem hatte ich noch Wlan, das habe ich deinstalliert und auf Lan umgestellt. Ich dachte anfänglich nämlich, dass der Sound davon kommt, weil auch immer für Millisekunden ein Fenster aufpoppte. Ich konnte nicht erkennen, was das war. Vielleicht NetgearWlan. Das Fenster ist nun weg, aber der Sound ertönt noch. Warum hat eigentlich der Security Check das OS nicht unterstützt. Ist das so richtig? Und hat der Eset-Scanner die gefundenen Trojaner in die Quarantäne verschoben? Übrigens war bei FRST der Haken für Addition.txt weg. Hab ihn wieder hingemacht. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Besitzer (administrator) on LAVAMAT on 10-03-2015 15:33:53
Running from C:\Users\Besitzer\Downloads
Loaded Profiles: Besitzer (Available profiles: Besitzer & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-31] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-31] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45271E45-F8EE-4CF0-8150-EB4AE68EA381}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{68CBE66B-5D8F-4E63-8AA6-FB12EFDEB1FD}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default
FF Homepage: google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Windows\system32\npovshelper.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2472162299-3273411272-195361004-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Besitzer\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Extension: Avira Browser Safety - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\donottrackplus@abine.com [2014-11-27]
FF Extension: HTTPS-Everywhere - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\https-everywhere@eff.org [2015-01-23]
FF Extension: YouTube Unblocker - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\youtubeunblocker@unblocker.yt [2014-12-25]
FF Extension: ipFuck - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\ipfuck@p4ul.info.xpi [2013-05-20]
FF Extension: YouTube Center - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-03-02]
FF Extension: Flash Control - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2014-12-23]
FF Extension: Vlc Kontextmenü - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2014-03-26]
FF Extension: WebM Inline Player - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\webminline@player.xpi [2014-12-27]
FF Extension: Flagfox - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: NoScript - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-15]
FF Extension: ImTranslator - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-11-25]
FF Extension: {c7f8df0d-8427-448d-b759-b71533baa0f8} - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{c7f8df0d-8427-448d-b759-b71533baa0f8}.xpi [2014-12-25]
FF Extension: BetterPrivacy - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\p0li2xkm.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Besitzer\AppData\Roaming\14001.011
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Profile: C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-25]
CHR Extension: (Google Slides) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Google Docs) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (YouTube) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Blur) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-10-25]
CHR Extension: (Google Sheets) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (HTTPS Everywhere) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR Extension: (ScriptSafe) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-10-25]
CHR Extension: (Gmail) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-03] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-03] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\1366.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2015-03-09] (Nicomsoft Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-10 04:31 - 2015-03-10 14:34 - 00000280 _____ () C:\Windows\setupact.log
2015-03-10 04:31 - 2015-03-10 04:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-09 00:06 - 2015-03-09 00:07 - 00042298 _____ () C:\Users\Besitzer\Downloads\Addition.txt
2015-03-09 00:05 - 2015-03-10 15:34 - 00021332 _____ () C:\Users\Besitzer\Downloads\FRST.txt
2015-03-09 00:04 - 2015-03-09 00:04 - 00852604 _____ () C:\Users\Besitzer\Downloads\SecurityCheck.exe
2015-03-08 18:48 - 2015-03-08 18:48 - 00000000 ____D () C:\Users\Besitzer\Downloads\FRST-OlderVersion
2015-03-08 18:41 - 2015-03-08 18:41 - 01388333 _____ (Thisisu) C:\Users\Besitzer\Downloads\JRT.exe
2015-03-08 16:22 - 2015-03-08 16:28 - 00000000 ___DC () C:\AdwCleaner
2015-03-08 16:21 - 2015-03-08 16:21 - 02126848 _____ () C:\Users\Besitzer\Downloads\AdwCleaner_4.111.exe
2015-03-07 20:25 - 2015-03-07 20:51 - 00000000 ___DC () C:\Qoobox
2015-03-07 20:25 - 2015-03-07 20:48 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 20:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 20:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 20:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 20:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 20:22 - 2015-03-07 20:23 - 05612482 ____R (Swearware) C:\Users\Besitzer\Downloads\ComboFix.exe
2015-03-06 21:43 - 2015-03-10 15:33 - 00000000 ___DC () C:\FRST
2015-03-06 15:09 - 2015-03-06 15:09 - 00050477 _____ () C:\Users\Besitzer\Downloads\Defogger.exe
2015-03-06 15:08 - 2015-03-08 18:48 - 02095104 ____C (Farbar) C:\Users\Besitzer\Downloads\FRST64.exe
2015-03-06 15:08 - 2015-03-06 15:08 - 00380416 _____ () C:\Users\Besitzer\Downloads\Gmer-19357.exe
2015-03-06 14:21 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\1366.tmp
2015-03-06 14:08 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\2030.tmp
2015-03-06 14:00 - 2015-03-06 14:00 - 00003186 _____ () C:\Windows\System32\Tasks\{906A96A5-4B4C-488D-BF30-A8AF8F8FF547}
2015-03-06 13:56 - 2015-03-06 13:56 - 00003180 _____ () C:\Windows\System32\Tasks\{DFE22B96-877E-43BA-8F3F-6AF3E3146E08}
2015-03-06 13:52 - 2015-03-06 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-06 11:04 - 2015-03-06 11:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 21:35 - 2015-03-05 21:35 - 00001008 _____ () C:\Users\Besitzer\Desktop\Santa Claus in trouble ...again! - Demo.lnk
2015-03-05 21:35 - 2015-03-05 21:35 - 00001008 _____ () C:\Users\Administrator.LAVAMAT\Desktop\Santa Claus in trouble ...again! - Demo.lnk
2015-03-05 21:35 - 2015-03-05 21:35 - 00000000 ___DC () C:\Spiele)
2015-03-05 21:35 - 2015-03-05 21:35 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Santa Claus in trouble ...again! - Demo
2015-03-05 21:35 - 2015-03-05 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Santa Claus in trouble ...again! - Demo
2015-03-05 21:34 - 2015-03-05 21:34 - 00000000 ____D () C:\Users\Besitzer\Desktop\SantaIIDemo
2015-03-05 05:45 - 2015-03-09 22:24 - 00020784 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\mi2c.sys
2015-03-03 05:57 - 2015-03-03 06:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Besitzer\Downloads\mbar-1.09.1.1004.exe
2015-03-03 05:53 - 2015-03-08 15:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 05:53 - 2015-03-03 06:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 05:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-03 05:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-03 04:25 - 2015-03-03 04:25 - 00000000 ____D () C:\Users\Besitzer\Downloads\mbam-chameleon-3.1.7.0
2015-03-02 02:20 - 2015-03-02 02:20 - 00001317 _____ () C:\Users\Administrator.LAVAMAT\Desktop\Santa Claus in Trouble.lnk
2015-03-02 02:20 - 2015-03-02 02:20 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Santa Claus in Trouble
2015-03-02 02:20 - 2015-03-02 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Santa Claus in Trouble
2015-03-02 02:20 - 2015-03-02 02:20 - 00000000 ____D () C:\Program Files (x86)\Spiele
2015-02-28 16:57 - 2015-03-05 05:56 - 00000000 ____D () C:\Program Files (x86)\AOC-i-Menu
2015-02-28 16:57 - 2015-02-28 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Menu
2015-02-28 16:56 - 2015-02-28 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen+
2015-02-28 16:56 - 2015-02-28 16:56 - 00000000 ____D () C:\Program Files (x86)\AOC-Screen+
2015-02-28 11:26 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-28 11:23 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-28 11:23 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-28 11:23 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-28 11:23 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-28 11:22 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-28 11:22 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-25 20:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 20:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 20:20 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-20 20:20 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-20 20:20 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-20 20:20 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 11:30 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 11:30 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 11:30 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 11:30 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:18 - 2015-02-11 19:18 - 00000000 ____D () C:\Users\Besitzer\Eigener Kram\PassionFruit Games
2015-02-11 16:14 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 16:14 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 16:14 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 16:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 16:14 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 16:14 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 16:13 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 16:13 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 16:13 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 16:13 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 16:13 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 16:13 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 16:13 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 16:13 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 16:13 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 16:13 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 16:13 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 16:13 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 16:13 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 16:13 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 16:13 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 16:13 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 16:13 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 16:13 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 16:13 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 16:13 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 16:13 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 16:13 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 16:13 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 16:13 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 16:13 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 16:13 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 16:13 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 16:13 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 16:13 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 16:13 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 16:13 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 16:13 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 16:13 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 16:13 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 16:13 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 16:13 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 16:13 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 16:13 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 16:13 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 16:13 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 16:13 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 16:13 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 16:13 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 16:13 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 16:13 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 16:13 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 16:13 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 16:13 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 16:13 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 16:12 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 16:12 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 16:12 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 16:12 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 16:12 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 16:12 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 16:12 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 16:12 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 16:12 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 16:12 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 16:12 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 16:12 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 16:12 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 16:12 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 16:12 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 16:12 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 16:12 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 16:12 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 16:12 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:12 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 16:12 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 16:12 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 16:12 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 16:12 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 16:11 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 16:11 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 16:11 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 16:11 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 16:11 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 16:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-10 14:41 - 2014-07-01 00:33 - 01329539 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 14:41 - 2013-07-06 14:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 14:41 - 2009-07-14 05:45 - 00023712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 14:41 - 2009-07-14 05:45 - 00023712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 14:34 - 2011-04-01 10:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-10 14:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 04:30 - 2014-09-04 04:29 - 00000000 ____D () C:\ProgramData\Origin
2015-03-09 16:24 - 2014-09-04 04:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-09 01:23 - 2013-12-05 20:37 - 00000000 ___RD () C:\Users\Besitzer\Desktop\Aktuell
2015-03-08 20:41 - 2009-07-14 18:58 - 00699456 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 20:41 - 2009-07-14 18:58 - 00149596 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 20:41 - 2009-07-14 06:13 - 01620784 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 20:51 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-07 20:44 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2015-03-07 20:43 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-03-07 20:43 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-03-07 20:43 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-03-07 20:25 - 2012-11-16 04:21 - 00000000 ____D () C:\Users\Administrator.LAVAMAT
2015-03-07 12:19 - 2014-10-25 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 22:02 - 2011-04-01 10:03 - 00000000 ___RD () C:\Users\Besitzer
2015-03-06 14:21 - 2011-04-03 22:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-06 13:52 - 2013-07-13 01:05 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-06 13:52 - 2011-04-01 23:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-06 13:42 - 2013-05-31 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-06 13:42 - 2013-04-02 19:16 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Mp3tag
2015-03-06 13:21 - 2014-04-29 10:33 - 00022528 ____H () C:\Users\Besitzer\Desktop\photothumb.db
2015-03-06 11:36 - 2012-03-31 20:32 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\vlc
2015-03-05 21:34 - 2011-04-03 22:35 - 00000000 ___RD () C:\Spiele
2015-03-04 04:56 - 2012-10-25 16:02 - 00000000 ___RD () C:\Users\Besitzer\Eigener Kram\Privates
2015-03-03 07:03 - 2011-11-29 18:17 - 00000000 ____D () C:\Windows\pss
2015-03-03 05:53 - 2014-12-25 21:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-03 01:36 - 2012-08-09 20:25 - 00000000 ___RD () C:\Users\Besitzer\Eigener Kram\Alice
2015-03-02 01:41 - 2009-07-14 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-28 11:26 - 2014-07-16 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-24 18:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-20 20:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 11:58 - 2013-12-03 02:40 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-02-12 11:58 - 2013-12-03 02:40 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-12 11:58 - 2013-12-03 02:40 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-02-11 20:34 - 2013-05-05 12:25 - 00408952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:31 - 2014-12-10 07:44 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:31 - 2014-04-30 15:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 20:11 - 2013-08-15 02:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:03 - 2011-11-21 00:56 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 19:18 - 2012-04-26 23:02 - 00000000 ___RD () C:\Users\Besitzer\Eigener Kram
==================== Files in the root of some directories =======
2012-08-09 02:18 - 2012-08-09 05:20 - 0000017 _____ () C:\Users\Besitzer\AppData\Roaming\blckdom.res
2013-06-10 21:20 - 2013-06-10 21:20 - 0000046 _____ () C:\Users\Besitzer\AppData\Roaming\Camdata.ini
2013-06-10 21:20 - 2013-06-10 21:20 - 0000408 _____ () C:\Users\Besitzer\AppData\Roaming\CamLayout.ini
2013-06-10 21:20 - 2013-06-10 21:20 - 0000408 _____ () C:\Users\Besitzer\AppData\Roaming\CamShapes.ini
2013-06-10 21:19 - 2013-06-10 21:20 - 0004510 _____ () C:\Users\Besitzer\AppData\Roaming\CamStudio.cfg
2011-04-01 23:17 - 2011-11-20 15:42 - 0000146 _____ () C:\Users\Besitzer\AppData\Roaming\default.rss
2011-04-07 00:03 - 2011-04-07 00:03 - 0000000 _____ () C:\Users\Besitzer\AppData\Roaming\downloads.m3u
2011-04-02 01:47 - 2011-04-02 01:47 - 0033134 _____ () C:\Users\Besitzer\AppData\Roaming\UserTile.png
2013-12-19 02:46 - 2013-12-19 02:46 - 0005632 _____ () C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-01 22:01 - 2013-12-01 22:01 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Besitzer\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-06 17:17
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03 Ran by Besitzer at 2015-03-10 15:34:32 Running from C:\Users\Besitzer\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) Alabama Smith: Flucht aus Pompeji (HKLM-x32\...\Alabama Smith: Flucht aus Pompeji) (Version: 0.0.0.0 - INTENIUM GmbH) Alex Gordon (HKLM-x32\...\Alex Gordon) (Version: - ) Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira) Beetle Ju 2 (HKLM-x32\...\Beetle Ju 2) (Version: 1.0.0.0 - INTENIUM GmbH) Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) BriefeAusDemJenseits (HKLM-x32\...\{FFAB08E3-956E-4155-8DDD-758094D426DB}) (Version: 1.00.0000 - Intenium GmbH) Bubble Odyssey 1.0 (HKLM-x32\...\Bubble Odyssey_is1) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform) Codec Decoder Pack (HKLM-x32\...\Codec Decoder Pack) (Version: 1.0 - Codec Decoder) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Der bartlose Zauberer (HKLM-x32\...\Der bartlose Zauberer) (Version: 2.0.0.0 - INTENIUM GmbH) Der Exorzist (HKLM-x32\...\Der Exorzist) (Version: 1.0.0.0 - INTENIUM GmbH) DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.14 - INTENIUM GmbH) Die Tuttles (HKLM-x32\...\Die Tuttles) (Version: - ) Dr Kawashima (HKU\S-1-5-21-2472162299-3273411272-195361004-1000\...\DrKawashima) (Version: 1.0 - ) Druids: Operation Mistelzweig (HKLM-x32\...\Druids: Operation Mistelzweig) (Version: 1.0.0.0 - INTENIUM GmbH) Farm Frenzy 3 - Ice Age (HKLM-x32\...\{F02C0332-6167-4A5A-92E8-A401946278D3}) (Version: 1.00.0000 - PurpleHills) Folderico 4.0 RC12 (HKLM-x32\...\Folderico) (Version: 4.0 RC12 - Shedko ( www.softq.org )) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free Alarm Clock 3.0.3 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.0 - Comfort Software Group) Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Haus der 1000 Türen 2: Das Juwel des Zarathustra (HKLM-x32\...\Haus der 1000 Türen 2: Das Juwel des Zarathustra) (Version: 1.0.0.0 - INTENIUM GmbH) Haus der 1000 Türen: Familiengeheimnisse (HKLM-x32\...\Haus der 1000 Türen: Familiengeheimnisse) (Version: 1.0.0.0 - INTENIUM GmbH) HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden Hurrican 1.0.0.4 (HKLM-x32\...\Hurrican_is1) (Version: 1.0.0.4 - Poke53280) IcoFX 1.6.4 (HKLM-x32\...\IcoFX_is1) (Version: - ) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden i-Menu version 4.3.1 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.1 - AOC) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Jumpin'Jack (HKLM-x32\...\Jumpin'Jack) (Version: - ) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kingdom Chronicles: Königreich in Gefahr (HKLM-x32\...\Kingdom Chronicles: Königreich in Gefahr) (Version: 1.0.0.0 - INTENIUM GmbH) Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version: - Daniel Rebelo) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Moai: Erschaffe deinen Traum (HKLM-x32\...\Moai: Erschaffe deinen Traum) (Version: 1.0.0.0 - INTENIUM GmbH) Moorhuhn Atlantis (HKLM-x32\...\Moorhuhn Atlantis) (Version: - ) Moorhuhn Schatzjäger 3 (HKLM-x32\...\Moorhuhn Schatzjäger 3) (Version: 1.00 - phenomedia publishing gmbh) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mysteriez - Versteckte Zahlen (HKLM-x32\...\Mysteriez - Versteckte Zahlen) (Version: - ) Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Prince of Persia T2T (HKLM-x32\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: - ) PuppetShow: Ruckkehr nach Joyville (HKLM-x32\...\BFG-PuppetShow - Rueckkehr nach Joyville) (Version: - ) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) Santa Claus in Trouble (HKLM-x32\...\Santa Claus in Trouble) (Version: - ) Santa Claus in trouble ...again! - Demo (HKLM-x32\...\Santa Claus in trouble ...again! - Demo) (Version: - ) Schatzjäger (HKLM-x32\...\Schatzjäger) (Version: - phenomedia publishing gmbh) Schatzjäger 2 (HKLM-x32\...\{1D0DD240-7752-48B5-A6EF-AC6509E16ABE}) (Version: 1.00.0000 - ) Screen+ version Screen+ 1.2.1 (HKLM\...\Screen+_is1) (Version: Screen+ 1.2.1 - AOC) Sherlock Holmes und der Hund der Baskervilles (HKLM-x32\...\Sherlock Holmes und der Hund der Baskervilles) (Version: 1.0.0.0 - INTENIUM GmbH) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden Sky Taxi 4: Streng Geheim (HKLM-x32\...\Sky Taxi 4: Streng Geheim) (Version: 1.0.0.0 - INTENIUM GmbH) Supercow (VOLLVERSION) (HKLM-x32\...\Supercow (VOLLVERSION)) (Version: - ) SuperTux Version 0.3.4 (HKLM-x32\...\{5095BBEC-9A2F-4DA1-B5EF-511C728A2FF6}_is1) (Version: 0.3.4 - SuperTux Development Team) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tiger Eye (HKLM-x32\...\Tiger Eye) (Version: - ) Tiger Eye: Die Opfergabe (HKLM-x32\...\BFG-Tiger Eye - Die Opfergabe) (Version: - ) Timeless: Die vergessene Stadt (HKLM-x32\...\BFG-Timeless - Die vergessene Stadt) (Version: - ) Turtix (HKLM-x32\...\Turtix) (Version: - ) Turtix 2 (HKLM-x32\...\Turtix 2) (Version: 0.0.0.0 - INTENIUM GmbH) Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Voodoo Chronicles (HKLM-x32\...\{947E7026-E000-4159-86BC-6B9855EC4517}) (Version: 1.00.0000 - PurpleHills) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) World Riddles: Secrets Of The Ages 1.0 (HKLM-x32\...\World Riddles: Secrets Of The Ages_is1) (Version: - Funny Bear Studio) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2472162299-3273411272-195361004-1000_Classes\CLSID\{01E9FAE9-3819-4dd9-B1D9-998A1C62D1F8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Restore Points ========================= 12-02-2015 20:00:21 Windows Update 20-02-2015 20:39:01 Windows Update 25-02-2015 20:00:21 Windows Update 05-03-2015 05:47:04 Entfernt NETGEAR WNA3100 wireless USB 2.0 adapter 06-03-2015 13:51:27 Installed QuickTime 7 06-03-2015 14:16:18 Installed Avira RootKit Detection 06-03-2015 14:17:30 Installed Avira RootKit Detection 06-03-2015 14:18:34 Configured Avira RootKit Detection 06-03-2015 14:21:14 Removed Avira RootKit Detection ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-03-07 20:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0B8BE318-7B69-461A-8C64-0EB3DD41DAC3} - System32\Tasks\{C1561D4A-B44B-49DD-A0F8-EF52562CBD95} => pcalua.exe -a "C:\Program Files\Eigene Programme\VLC\VLCPortable\VLCPortable.exe" -d "C:\Program Files\Eigene Programme\VLC\VLCPortable" Task: {12FE15C5-E219-406D-A73E-9D93DB6D3E16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd) Task: {3AC414A4-5971-4CFC-B60B-8636D25B8DA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {42153756-BC4F-4142-B347-80108A996A73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {4A4957CD-F67F-4A14-B9CF-C90EB3D39DEC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {57FE0623-8D4E-4FB1-91C8-9A88F98A7279} - System32\Tasks\{68A1FC85-0D22-4FFD-8AFD-E46FD6FA28CD} => pcalua.exe -a C:\Windows\SysWOW64\DivXControlPanelApplet.cpl -c DivX Control Panel Task: {65ABCEE0-8155-427C-8661-D8EA03BCD36B} - System32\Tasks\{A5ED2DA0-1C3C-492C-AB78-B1E3EC3D00BC} => pcalua.exe -a J:\OpenOfficePortable\OpenOfficeWriterPortable.exe -d J:\OpenOfficePortable Task: {6FC8A5D1-2675-4C4B-BB06-1BFCD7B1721C} - System32\Tasks\{906A96A5-4B4C-488D-BF30-A8AF8F8FF547} => pcalua.exe -a C:\Users\Besitzer\Downloads\avira_antivir_antirootkit_en(1).exe -d C:\Users\Besitzer\Downloads Task: {81A2F243-F15D-4F24-81AF-29F76B55FE2D} - System32\Tasks\{7561AFB8-E02B-4BB2-B905-D83B7A1A31AB} => pcalua.exe -a "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA StereoUSB Driver\nvUSBInst.exe" -d "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA StereoUSB Driver" Task: {81E50F47-5E83-4443-96ED-7BFA4F94689B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {8E2A7A38-D385-41AE-9304-70B125AC482D} - System32\Tasks\{205D5359-6194-4D3A-AA1F-6E0491BDCC95} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -c -runfromtemp -l0x0009 -removeonly Task: {9EACE0DB-70A3-499D-85EE-DB7847D8C932} - System32\Tasks\{4A8C9B86-D5D3-40F2-BBB0-46BBD06B0C43} => C:\Users\Besitzer\Desktop\Turtle Odyssey 2\Turtle Odyssey 2.exe Task: {B568EABF-E7AE-418E-BC17-66A2605C9A0B} - System32\Tasks\{0D19AD70-C41F-4F22-9003-E0EAB1EE5BE0} => pcalua.exe -a E:\setup\setup.exe -d E:\setup Task: {C3C296A5-40E8-4763-B0DF-C9D7776A8EE5} - System32\Tasks\{7840164C-A73D-4726-941A-5B45F6B89279} => pcalua.exe -a E:\Start.exe -d E:\ Task: {C9326867-66E5-4B89-80A2-C8731A92B9A8} - System32\Tasks\{4A1360EB-55A7-47DC-B77C-4C620B730949} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{F82C6574-AD88-4B40-A432-970BC77F1BD2} Task: {D31429BC-581F-430B-A934-886EAEF9B323} - System32\Tasks\{5145A4DA-87D0-45AC-AB29-C9EE4A8A24E8} => pcalua.exe -a "C:\Program Files (x86)\OXXOGames\GPlayer\MyInstall.exe" -d C:\Windows\system32 -c ScriptUInst "C:\Program Files (x86)\OXXOGames\GPlayer\Install\\Game_NSoftSupercowCD.log" Task: {D4C17D60-38D1-4714-9D81-1BD33E46B25C} - System32\Tasks\{B00E5003-544E-43D9-9CA9-8A38122A743F} => pcalua.exe -a "C:\Eigene Programme\VLCPortable\VLCPortable.exe" -d C:\Users\Besitzer\Videos\Flash -c "C:\Users\Besitzer\Videos\Flash\Faithless - Insomnia.flv" Task: {F2C7EC5A-0213-416A-926C-77CBE8D63546} - System32\Tasks\{D1BB4EFD-0219-483A-BBAE-B14982220F81} => pcalua.exe -a "C:\Users\Besitzer\Desktop\Neuer Ordner\s_install.exe" -d "C:\Users\Besitzer\Desktop\Neuer Ordner" Task: {F51ABCD2-3A7B-42A6-8941-2E6850D51057} - System32\Tasks\{2D0A611E-70E9-471E-A485-252A68A189C8} => pcalua.exe -a E:\SETUP.exe -d E:\ Task: {FBA7811A-9E7E-4C85-8DEC-14811BAF73C5} - System32\Tasks\{DE59C836-6D79-4D21-9562-2CC82BEF1148} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {FF6210FB-C7D2-466B-A1C1-17C6937D0059} - System32\Tasks\{DFE22B96-877E-43BA-8F3F-6AF3E3146E08} => pcalua.exe -a C:\Users\Besitzer\Downloads\avira_antivir_antirootkit_en.exe -d C:\Users\Besitzer\Downloads Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2012-05-11 23:08 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:00F78F7C AlternateDataStreams: C:\ProgramData\TEMP:0474F714 AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 AlternateDataStreams: C:\ProgramData\TEMP:0F4A7B6A AlternateDataStreams: C:\ProgramData\TEMP:1C611FFB AlternateDataStreams: C:\ProgramData\TEMP:1CB3187E AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F AlternateDataStreams: C:\ProgramData\TEMP:43B12647 AlternateDataStreams: C:\ProgramData\TEMP:48862C37 AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881 AlternateDataStreams: C:\ProgramData\TEMP:72A1B66A AlternateDataStreams: C:\ProgramData\TEMP:898C038B AlternateDataStreams: C:\ProgramData\TEMP:8E11CC80 AlternateDataStreams: C:\ProgramData\TEMP:93C494CA AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09 AlternateDataStreams: C:\ProgramData\TEMP:BEAA72E0 AlternateDataStreams: C:\ProgramData\TEMP:C900B47A AlternateDataStreams: C:\ProgramData\TEMP:CA1AFE85 AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 AlternateDataStreams: C:\ProgramData\TEMP  E220DE0AlternateDataStreams: C:\ProgramData\TEMP:F264BECE AlternateDataStreams: C:\ProgramData\TEMP:FBFC061F ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: IePluginServices => 2 MSCONFIG\Services: IMFservice => 2 MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2 MSCONFIG\Services: StumbleUponUpdater => 2 MSCONFIG\Services: SXDS10 => 3 MSCONFIG\Services: WSWNA3100 => 2 MSCONFIG\startupfolder: C:^Users^Besitzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart ==================== Accounts: ============================= Administrator (S-1-5-21-2472162299-3273411272-195361004-500 - Administrator - Disabled) => C:\Users\Administrator.LAVAMAT Besitzer (S-1-5-21-2472162299-3273411272-195361004-1000 - Administrator - Enabled) => C:\Users\Besitzer Gast (S-1-5-21-2472162299-3273411272-195361004-501 - Limited - Disabled) UpdatusUser (S-1-5-21-2472162299-3273411272-195361004-1004 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: NVIDIA GeForce 7025 / NVIDIA nForce 630a Description: NVIDIA GeForce 7025 / NVIDIA nForce 630a Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: NVIDIA Service: nvlddmkm Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: G:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: F:\ Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) Error: (03/09/2015 03:58:46 PM) (Source: ESENT) (EventID: 455) (User: ) Description: Windows (3016) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS004AB.log. System errors: ============= Error: (03/09/2015 03:58:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/09/2015 03:58:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (03/08/2015 08:39:36 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (03/08/2015 08:39:17 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden. Error: (03/08/2015 08:39:16 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden. Error: (03/08/2015 08:39:16 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden. Error: (03/08/2015 08:39:15 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden. Microsoft Office Sessions: ========================= Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4700 Error: (03/09/2015 03:58:46 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) Error: (03/09/2015 03:58:46 PM) (Source: ESENT) (EventID: 455) (User: ) Description: Windows3016Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS004AB.log-1811 CodeIntegrity Errors: =================================== Date: 2015-03-07 20:35:39.388 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-07 20:35:39.279 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-06 15:56:51.349 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-06 15:56:51.237 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-06 15:56:51.107 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-06 15:56:50.992 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-06 15:56:50.862 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-06 15:56:50.748 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-06 15:56:50.563 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-06 15:56:50.447 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\1366.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 220 Processor Percentage of memory in use: 43% Total physical RAM: 2815.24 MB Available physical RAM: 1596.81 MB Total Pagefile: 5628.67 MB Available Pagefile: 3784.36 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:200 GB) (Free:57.43 GB) NTFS Drive d: (Volume) (Fixed) (Total:265.66 GB) (Free:265.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1D884D44) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=265.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================[/CODE] |
|
11.03.2015, 10:22
| #14 |
| /// the machine /// TB-Ausbilder | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter AlternateDataStreams: C:\ProgramData\TEMP:00F78F7C
AlternateDataStreams: C:\ProgramData\TEMP:0474F714
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:0F4A7B6A
AlternateDataStreams: C:\ProgramData\TEMP:1C611FFB
AlternateDataStreams: C:\ProgramData\TEMP:1CB3187E
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:43B12647
AlternateDataStreams: C:\ProgramData\TEMP:48862C37
AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881
AlternateDataStreams: C:\ProgramData\TEMP:72A1B66A
AlternateDataStreams: C:\ProgramData\TEMP:898C038B
AlternateDataStreams: C:\ProgramData\TEMP:8E11CC80
AlternateDataStreams: C:\ProgramData\TEMP:93C494CA
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09
AlternateDataStreams: C:\ProgramData\TEMP:BEAA72E0
AlternateDataStreams: C:\ProgramData\TEMP:C900B47A
AlternateDataStreams: C:\ProgramData\TEMP:CA1AFE85
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMPE220DE0
AlternateDataStreams: C:\ProgramData\TEMP:F264BECE
AlternateDataStreams: C:\ProgramData\TEMP:FBFC061F
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Die ESET Funde sind ja schon alle in Quarantäne.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.03.2015, 16:09
| #15 |
| | Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos Hallo Schrauber, mit Deiner Hilfe und Anleitung habe ich schon so viel gemacht und nicht mal die Hälfte davon verstanden. Dennoch stimmt irgendwie dann irgendwo was nicht mehr. Wieso ist das so? Gestern z.B. war ein Add-On im Firefox deinstalliert, die Sachen davor habe ich Dir ja berichtet. Sag mir bitte, wo wir stehen. Gruß. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Besitzer at 2015-03-11 15:58:28 Run:1
Running from C:\Users\Besitzer\Downloads
Loaded Profiles: Besitzer (Available profiles: Besitzer & Administrator)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:00F78F7C
AlternateDataStreams: C:\ProgramData\TEMP:0474F714
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:0F4A7B6A
AlternateDataStreams: C:\ProgramData\TEMP:1C611FFB
AlternateDataStreams: C:\ProgramData\TEMP:1CB3187E
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:43B12647
AlternateDataStreams: C:\ProgramData\TEMP:48862C37
AlternateDataStreams: C:\ProgramData\TEMP:6ED8B881
AlternateDataStreams: C:\ProgramData\TEMP:72A1B66A
AlternateDataStreams: C:\ProgramData\TEMP:898C038B
AlternateDataStreams: C:\ProgramData\TEMP:8E11CC80
AlternateDataStreams: C:\ProgramData\TEMP:93C494CA
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09
AlternateDataStreams: C:\ProgramData\TEMP:BEAA72E0
AlternateDataStreams: C:\ProgramData\TEMP:C900B47A
AlternateDataStreams: C:\ProgramData\TEMP:CA1AFE85
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMPE220DE0
AlternateDataStreams: C:\ProgramData\TEMP:F264BECE
AlternateDataStreams: C:\ProgramData\TEMP:FBFC061F
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
Emptytemp:
*****************
C:\ProgramData\TEMP => ":00F78F7C" ADS removed successfully.
C:\ProgramData\TEMP => ":0474F714" ADS removed successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":0F4A7B6A" ADS removed successfully.
C:\ProgramData\TEMP => ":1C611FFB" ADS removed successfully.
C:\ProgramData\TEMP => ":1CB3187E" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":43B12647" ADS removed successfully.
C:\ProgramData\TEMP => ":48862C37" ADS removed successfully.
C:\ProgramData\TEMP => ":6ED8B881" ADS removed successfully.
C:\ProgramData\TEMP => ":72A1B66A" ADS removed successfully.
C:\ProgramData\TEMP => ":898C038B" ADS removed successfully.
C:\ProgramData\TEMP => ":8E11CC80" ADS removed successfully.
C:\ProgramData\TEMP => ":93C494CA" ADS removed successfully.
C:\ProgramData\TEMP => ":B1FBBD09" ADS removed successfully.
C:\ProgramData\TEMP => ":BEAA72E0" ADS removed successfully.
C:\ProgramData\TEMP => ":C900B47A" ADS removed successfully.
C:\ProgramData\TEMP => ":CA1AFE85" ADS removed successfully.
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully.
"AlternateDataStreams: C:\ProgramData\TEMPE220DE0" => "AlternateDataStreams: C:\ProgramData\TEMPE220DE0" ADS not found.
C:\ProgramData\TEMP => ":F264BECE" ADS removed successfully.
C:\ProgramData\TEMP => ":FBFC061F" ADS removed successfully.
HKU\S-1-5-21-2472162299-3273411272-195361004-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
WinRing0_1_2_0 => Service deleted successfully.
EmptyTemp: => Removed 369.6 MB temporary data.
The system needed a reboot.
==== End of Fixlog 15:58:46 ====
|
|
| Themen zu Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos |
| antivir, avira, besitzer, browser, defender, desktop, fehldownload, firefox, flash player, frage, google, helper, home, homepage, iexplore.exe, internet, mozilla, realtek, registry, rootkit, rundll, schein-installation, services.exe, software, svchost.exe, system, usb, win 7, windows |
Linear-Darstellung
