Pests of all kinds and how to fight them: My laptop is being visited by "Outbound"
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
01.06.2015, 21:16 | #1 |
My laptop is being visited by "Outbound"

Good evening,

I keep getting a message from Malwarebytes that outbound sites are being blocked. I also suspect that other viruses are hiding on the computer. I am currently having the computer scanned completely for viruses etc. For this I am using several programs: Avast!, Microsoft® Windows® tool, Malwarebytes, Avira EU-Cleaner.

My question: How can I rid my laptop of all malware?

PS: If this is the wrong thread, moderator please move it.

Edited by teck19 (01.06.2015 at 21:21)
01.06.2015, 21:50 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop is being visited by "Outbound"

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I ask because => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
02.06.2015, 00:46 | #3 |
My laptop is being visited by "Outbound"

FRST logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015 Ran by Hirlak (administrator) on HIRLAK-PC on 01-06-2015 23:20:34 Running from C:\Users\Hirlak\Desktop Loaded Profiles: Hirlak & (Available Profiles: Hirlak) Platform: Microsoft Windows 7 Professional (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Egis Technology Inc.) C:\Program Files\Acer Bio Protection\CompPtcVUI.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Egis Technology Inc.) C:\Program Files\Acer Bio Protection\BASVC.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Egis Technology Inc.) C:\Program Files\Acer Bio Protection\PdtWzd.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Overwolf LTD) C:\Program Files\Overwolf\Overwolf.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Egis Technology Inc.) C:\Program Files\Acer Bio Protection\PwdBank.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Overwolf LTD) C:\Program Files\Common Files\Overwolf\0.85.190.0\OverwolfHelper.exe (Overwolf LTD) C:\Program Files\Overwolf\0.85.190.0\Purplizer\Purplizer.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Users\Hirlak\AppData\Local\Temp\cleaner\avwebloader.exe (Avira Operations GmbH & Co. KG) C:\Users\Hirlak\AppData\Local\Temp\cleaner\eucleaner\setup\cleaner.exe (Avira Operations GmbH & Co. KG) C:\Users\Hirlak\AppData\Local\Temp\cleaner\eucleaner\setup\avscan.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.) 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-11-30] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2009-05-21] (Alps Electric Co., Ltd.) HKLM\...\Run: [VitaKeyPdtWzd] => C:\Program Files\Acer Bio Protection\PdtWzd.exe [3567616 2009-09-05] (Egis Technology Inc.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD) HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation) HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Chromatic] => C:\Users\Hirlak\AppData\Local\Chromatic\application\chromatic.exe --restore-last-session HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [WatchDog] => C:\Users\Hirlak\AppData\Local\wd\wd.exe HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Updater] => C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\MountPoints2: {11c4b831-eefd-11e3-aed3-70f395270a1a} - H:\setup.exe HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Overwolf] => C:\Program 
Files\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD) HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation) HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Chromatic] => C:\Users\Hirlak\AppData\Local\Chromatic\application\chromatic.exe --restore-last-session HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WatchDog] => C:\Users\Hirlak\AppData\Local\wd\wd.exe HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Updater] => C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {11c4b831-eefd-11e3-aed3-70f395270a1a} - H:\setup.exe Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-17] (Avast Software s.r.o.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-717356552-2788057288-3721422200-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-717356552-2788057288-3721422200-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-717356552-2788057288-3721422200-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-16] (Oracle Corporation) BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Arc\Plugins\ArcPluginIE.dll [2015-05-14] (Perfect World Entertainment Inc) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-17] (Avast Software s.r.o.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-16] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-04-14] (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-17] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] () FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-16] (Oracle Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Arc\Plugins\npArcPluginFF.dll [2015-05-14] (Perfect World Entertainment Inc) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program 
Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF user.js: detected! => C:\Users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\user.js [2015-06-01] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation) FF Extension: Adblock Plus - C:\Users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-14] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-16] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-01] CHR Extension: (Google Docs) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-14] CHR Extension: (Google Drive) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-14] CHR Extension: (YouTube) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-14] CHR Extension: (Google Sheets) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-01] CHR Extension: (Avast Online Security) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-01] CHR Extension: (Amazon-Icon) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2015-06-01] CHR Extension: (Gmail) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-14] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-17] CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Hirlak\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-05-15] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ArcService; C:\Program Files\Arc\ArcService.exe [88400 2015-05-14] (Perfect World Entertainment Inc) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-17] (Avast Software s.r.o.) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-17] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-17] (Avast Software) R2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3450368 2009-09-05] (Egis Technology Inc.) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-17] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-05-17] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-17] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-05-17] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-17] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-17] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-17] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-17] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-17] (Avast Software s.r.o.) 
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-17] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-06-08] (Disc Soft Ltd) R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29744 2015-05-17] (EgisTec) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-01] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-17] (Avast Software) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-01 23:17 - 2015-06-01 23:19 - 00037276 _____ () C:\Users\Hirlak\Desktop\Addition.txt 2015-06-01 23:13 - 2015-06-01 23:20 - 00017043 _____ () C:\Users\Hirlak\Desktop\FRST.txt 2015-06-01 23:09 - 2015-06-01 23:20 - 00000000 ____D () C:\FRST 2015-06-01 22:57 - 2015-06-01 22:59 - 01147392 _____ (Farbar) C:\Users\Hirlak\Desktop\FRST.exe 2015-06-01 22:48 - 2015-06-01 22:48 - 00002245 _____ () C:\Users\Hirlak\Desktop\Chrome App Launcher.lnk 2015-06-01 22:48 - 2015-06-01 22:48 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-01 22:08 - 2015-06-01 22:08 - 00000000 _____ () C:\Users\Hirlak\Downloads\Nicht bestätigt 662887.crdownload 2015-06-01 21:35 - 2015-06-01 21:35 - 00001990 _____ () C:\Users\Hirlak\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-06-01 21:35 - 2015-06-01 21:35 - 00001934 _____ () C:\Users\Hirlak\Desktop\Avira EU-Cleaner.lnk 2015-06-01 20:24 - 2015-06-01 20:24 - 02209056 _____ () C:\Users\Hirlak\Downloads\avira-eu-cleaner_de.exe 2015-06-01 20:23 - 2015-06-01 20:23 - 50811104 _____ (Microsoft Corporation) C:\Users\Hirlak\Downloads\Windows-KB890830-V5.24.exe 2015-06-01 20:00 - 2015-06-01 22:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-01 19:58 - 2015-06-01 19:58 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-01 19:58 - 2015-06-01 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-01 19:58 - 2015-06-01 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-06-01 19:58 - 2015-06-01 19:58 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-06-01 19:58 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-01 19:58 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-01 19:58 - 2015-04-14 09:37 - 
00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-01 19:57 - 2015-06-01 19:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Hirlak\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-01 19:16 - 2015-06-01 19:16 - 00000000 ____D () C:\temp 2015-06-01 19:14 - 2015-06-01 19:14 - 00000000 ____D () C:\ProgramData\4217751947255792026 2015-06-01 19:13 - 2015-06-01 19:29 - 00000000 ____D () C:\ProgramData\{ed808204-444d-0ab0-ed80-082044440811} 2015-06-01 19:10 - 2015-06-01 19:10 - 01285176 _____ (Alcpu ) C:\Users\Hirlak\Downloads\Core-Temp-installer.exe 2015-05-31 21:39 - 2015-05-31 21:39 - 00000000 ____D () C:\ProgramData\Samsung 2015-05-31 21:38 - 2015-05-31 21:38 - 00002069 _____ () C:\Users\Public\Desktop\Smart Switch.lnk 2015-05-31 21:38 - 2015-05-31 21:38 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2015-05-31 21:38 - 2015-05-31 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-05-31 21:37 - 2015-05-31 21:43 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Samsung 2015-05-31 21:37 - 2015-05-31 21:37 - 00000000 ____D () C:\Program Files\Samsung 2015-05-31 21:37 - 2015-04-23 10:08 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll 2015-05-31 21:35 - 2015-05-31 21:36 - 38854416 _____ (Samsung Electronics Co., Ltd.) 
C:\Users\Hirlak\Downloads\Smart_Switch_PC.exe 2015-05-31 16:41 - 2015-05-31 16:41 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Steam 2015-05-31 16:38 - 2015-06-01 22:31 - 00000000 ____D () C:\Program Files\Steam 2015-05-31 16:38 - 2015-06-01 14:52 - 00000000 ____D () C:\Program Files\Common Files\Steam 2015-05-31 16:38 - 2015-05-31 16:38 - 00000921 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-05-31 16:38 - 2015-05-31 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-05-31 16:37 - 2015-05-31 16:38 - 01142128 _____ () C:\Users\Hirlak\Downloads\SteamSetup.exe 2015-05-31 16:29 - 2015-05-31 16:29 - 00000000 ____D () C:\Windows\system32\savegame 2015-05-31 16:29 - 2015-05-31 16:29 - 00000000 ____D () C:\Windows\system32\mods 2015-05-31 16:27 - 2015-05-31 16:27 - 00001563 _____ () C:\Users\Hirlak\Desktop\aomx - Verknüpfung.lnk 2015-05-31 16:24 - 2015-05-31 16:24 - 00000914 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology Extended Edition.lnk 2015-05-31 16:17 - 2015-06-01 17:28 - 00000000 ____D () C:\Program Files\Age of Mythology Extended Edition 2015-05-31 16:10 - 2014-08-18 17:05 - 00000000 ____D () C:\Users\Hirlak\Desktop\Crack 1.9 2015-05-31 16:10 - 2014-08-14 23:08 - 23233713 _____ () C:\Users\Hirlak\Desktop\Age of Mythology EE Update 1.9-1.bin 2015-05-31 16:10 - 2014-08-14 23:08 - 00687394 _____ ( ) C:\Users\Hirlak\Desktop\Age of Mythology EE Update 1.9.exe 2015-05-31 16:05 - 2015-05-31 16:08 - 26951257 _____ () C:\Users\Hirlak\Downloads\A5geoMyth7ologyExtEdUpd1.9-elamigos.rar 2015-05-31 15:53 - 2015-05-31 15:53 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-31 15:52 - 2015-05-31 15:52 - 06554576 _____ (Microsoft Corporation) C:\Users\Hirlak\Downloads\vcredist_x86.exe 2015-05-31 15:30 - 2015-05-31 15:30 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-05-31 15:25 - 2015-05-31 15:28 - 27920637 _____ () C:\Users\Hirlak\Downloads\738fc9e4b1b2a46334534975bd254f79.rar 2015-05-31 
15:25 - 2015-05-31 15:25 - 00638976 _____ () C:\Users\Hirlak\Downloads\Detection.msi 2015-05-31 15:16 - 2014-05-09 12:39 - 00000000 ____D () C:\Users\Hirlak\Desktop\Age.of.Mythology.Extended.Edition-RELOADED 2015-05-31 14:58 - 2015-05-31 14:58 - 00098906 _____ () C:\Users\Hirlak\Downloads\9052.nzb.gz 2015-05-30 20:19 - 2015-05-30 20:19 - 00000000 ____D () C:\Users\Hirlak\Documents\My Games 2015-05-28 21:30 - 2015-05-28 21:30 - 00000000 ____D () C:\aa0c516e50ce26ce47e8fb 2015-05-26 01:42 - 2015-05-26 01:42 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-05-26 01:41 - 2015-05-26 01:41 - 04156991 _____ () C:\Users\Hirlak\Downloads\teamspeak3-server_win32-3.0.11.3 (1).zip 2015-05-25 21:29 - 2015-05-25 21:31 - 00000000 ____D () C:\Program Files\Heroes of the Storm 2015-05-25 21:24 - 2015-05-25 21:29 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Battle.net 2015-05-25 21:24 - 2015-05-25 21:28 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Battle.net 2015-05-25 21:24 - 2015-05-25 21:24 - 00001076 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2015-05-25 21:24 - 2015-05-25 21:24 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Blizzard Entertainment 2015-05-25 21:24 - 2015-05-25 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2015-05-25 21:24 - 2015-05-25 21:24 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2015-05-25 21:24 - 2015-05-25 21:24 - 00000000 ____D () C:\Program Files\Battle.net 2015-05-25 21:22 - 2015-05-25 21:23 - 00000000 ____D () C:\ProgramData\Battle.net 2015-05-25 21:21 - 2015-05-25 21:22 - 03081784 _____ (Blizzard Entertainment) C:\Users\Hirlak\Downloads\Heroes-of-the-Storm-Setup-deDE.exe 2015-05-25 12:51 - 2015-05-25 12:51 - 02403211 _____ () C:\Users\Hirlak\Downloads\brennstoffzelle fertig.pptx 2015-05-25 12:47 - 2014-11-16 18:37 - 02403211 _____ () C:\Users\Hirlak\Desktop\brennstoffzelle fertig.pptx 2015-05-25 03:02 - 2015-05-25 03:02 - 00000000 ____D () 
C:\b50bb291b111ff5286d199ebe1f2 2015-05-23 23:15 - 2015-05-23 23:16 - 04156991 _____ () C:\Users\Hirlak\Downloads\teamspeak3-server_win32-3.0.11.3.zip 2015-05-22 21:51 - 2015-05-22 21:51 - 00000000 ____D () C:\df51801b649c1a7e529faeea3e017a1a 2015-05-20 17:33 - 2015-05-20 17:33 - 00000000 ____D () C:\860af8b53ba675ac25b09d5d2ae17c 2015-05-19 21:51 - 2015-05-19 21:51 - 00586768 _____ () C:\Windows\Minidump\051915-26379-01.dmp 2015-05-19 21:51 - 2015-05-19 21:51 - 00000000 ____D () C:\Windows\Minidump 2015-05-19 21:50 - 2015-05-19 21:50 - 314921584 _____ () C:\Windows\MEMORY.DMP 2015-05-18 14:21 - 2015-05-18 14:36 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-18 14:21 - 2015-04-30 10:07 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-18 14:02 - 2015-05-18 14:02 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-05-18 14:02 - 2015-05-18 14:02 - 00000000 ____D () C:\Windows\system32\appraiser 2015-05-18 00:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2015-05-18 00:18 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2015-05-18 00:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2015-05-18 00:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2015-05-18 00:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-05-18 00:18 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-05-18 00:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2015-05-18 00:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2015-05-18 00:18 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2015-05-18 00:18 - 2010-02-04 10:01 - 00238936 
_____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-05-18 00:18 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-05-18 00:18 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-05-18 00:18 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-05-18 00:18 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-05-18 00:18 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-05-18 00:18 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-05-18 00:18 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-05-18 00:18 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-05-18 00:18 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-05-18 00:18 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-05-18 00:18 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-05-18 00:18 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-05-18 00:18 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-05-18 00:18 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-05-18 00:18 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-05-18 00:18 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-05-18 00:18 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-05-18 00:18 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-05-18 00:18 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-05-18 00:18 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-05-18 00:18 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-05-18 00:18 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-05-18 00:18 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-05-18 00:18 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-05-18 00:18 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-05-18 00:18 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-05-18 00:18 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-05-18 00:18 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-05-18 00:18 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-05-18 00:18 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-05-18 00:18 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-05-18 00:18 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-05-18 00:18 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-05-18 00:18 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-05-18 00:18 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-05-18 00:18 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-05-18 00:18 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-05-18 00:18 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-05-18 00:18 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-05-18 00:18 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-05-18 00:18 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-05-18 00:18 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-05-18 00:18 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-05-18 00:18 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-05-18 00:18 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-05-18 00:18 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-05-18 00:18 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-05-18 00:18 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-05-18 00:18 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-05-18 00:18 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-05-18 00:18 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-05-18 00:18 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-05-18 00:18 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-05-18 00:18 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-05-18 00:18 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-05-18 00:18 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-05-18 00:18 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-05-18 00:18 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-05-18 00:18 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-05-18 00:18 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-05-18 00:18 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-05-18 00:18 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-05-18 00:18 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-05-18 00:18 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-05-18 00:18 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-05-18 00:18 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-05-18 00:18 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-05-18 00:18 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-05-18 00:18 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-05-18 00:18 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-05-18 00:18 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-05-18 00:18 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-05-18 00:17 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-05-18 00:17 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-05-18 00:17 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-05-18 00:17 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-05-18 00:17 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-05-17 23:14 - 2015-05-25 22:58 - 00000000 ____D () C:\Program Files\Neverwinter_de
2015-05-17 20:38 - 2015-05-29 15:33 - 00000161 _____ () C:\Users\Hirlak\Desktop\real.txt
2015-05-17 20:26 - 2015-05-17 23:37 - 00000000 ___HD () C:\ArcTemp
2015-05-17 20:20 - 2015-05-25 12:54 - 00000000 ____D () C:\Program Files\Arc
2015-05-17 20:20 - 2015-05-21 20:00 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Arc
2015-05-17 20:20 - 2015-05-17 23:37 - 00001875 _____ () C:\Users\Public\Desktop\Neverwinter.lnk
2015-05-17 20:20 - 2015-05-17 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2015-05-17 20:20 - 2015-05-17 20:20 - 00001546 _____ () C:\Users\Public\Desktop\Arc.lnk
2015-05-17 20:20 - 2015-05-17 20:20 - 00000000 ____D () C:\Users\Public\Documents\Arc
2015-05-17 20:18 - 2015-05-17 20:18 - 00996688 _____ (Perfect World Entertainment) C:\Users\Hirlak\Downloads\Neverwinter_ArcSetup.exe
2015-05-17 20:18 - 2015-05-17 20:18 - 00000000 ____D () C:\Users\Hirlak\Downloads\Log
2015-05-17 20:18 - 2015-05-07 23:28 - 10480240 _____ (Perfect World Entertainment) C:\Users\Hirlak\Downloads\ArcInstall_NW_20150430a.exe
2015-05-17 18:47 - 2015-03-23 03:36 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-17 18:47 - 2015-03-23 03:36 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-17 18:47 - 2015-03-23 03:36 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-17 18:47 - 2015-03-23 03:36 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-17 18:47 - 2015-03-23 03:35 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-17 18:47 - 2015-03-23 03:35 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-17 18:47 - 2015-03-23 03:30 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-17 18:47 - 2015-01-28 01:28 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-17 18:47 - 2014-12-04 04:20 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-17 15:31 - 2015-05-17 15:31 - 05676608 _____ () C:\Users\Hirlak\Downloads\QuestHelper3.3.5.rar
2015-05-17 15:26 - 2015-05-17 15:27 - 00216934 _____ () C:\Users\Hirlak\Downloads\GearScore.zip
2015-05-17 15:26 - 2015-05-17 15:26 - 00007638 _____ () C:\Users\Hirlak\Downloads\GearScoreLite3x04.zip
2015-05-17 15:23 - 2015-05-17 15:23 - 00001113 _____ () C:\Users\Hirlak\Desktop\Wow - Verknüpfung.lnk
2015-05-17 14:14 - 2015-05-17 14:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-17 13:50 - 2015-05-26 15:42 - 00000000 ____D () C:\Users\Hirlak\Desktop\World of Warcraft 3.3.5.a
2015-05-17 13:50 - 2012-04-02 19:52 - 00000000 ____D () C:\Users\Hirlak\Desktop\World.of.Warcraft3.3.5a.FULL
2015-05-17 13:37 - 2009-09-03 15:18 - 00490088 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe
2015-05-17 13:35 - 2009-07-28 18:56 - 10387456 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 09791552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-17 13:35 - 2009-07-28 18:56 - 07627776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 03156480 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 01705984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 01530400 _____ (NVIDIA Corporation) C:\Windows\system32\nvencodemft.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 01317408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00991744 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00795104 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe
2015-05-17 13:35 - 2009-07-28 18:56 - 00678432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00485920 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe
2015-05-17 13:35 - 2009-07-28 18:56 - 00256544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00155648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod1510.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00155648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll
2015-05-17 13:35 - 2009-07-28 18:56 - 00010155 _____ () C:\Windows\system32\nvdisp.nvu
2015-05-17 13:35 - 2009-07-28 18:56 - 00004224 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd
2015-05-17 13:35 - 2009-05-01 10:13 - 00064032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-05-17 13:35 - 2009-05-01 10:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\nvhdap32.dll
2015-05-17 13:35 - 2009-04-26 22:02 - 00457248 _____ (NVIDIA Corporation) C:\Windows\system32\nvuhda.exe
2015-05-17 13:35 - 2009-04-26 22:02 - 00143360 _____ (NVIDIA Corporation) C:\Windows\system32\nvcohda.dll
2015-05-17 13:35 - 2009-04-26 21:59 - 00001407 _____ () C:\Windows\system32\nvhda.nvu
2015-05-17 13:31 - 2015-05-17 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-05-17 13:30 - 2015-05-17 13:31 - 00000000 ____D () C:\Program Files\Acer Bio Protection
2015-05-17 13:30 - 2015-05-17 13:30 - 00469552 _____ (EgisTec) C:\Windows\system32\NBMatS1SDK.dll
2015-05-17 13:29 - 2015-05-17 13:29 - 00029744 _____ (EgisTec) C:\Windows\system32\Drivers\FPSensor.sys
2015-05-17 13:26 - 2015-05-17 13:26 - 00005540 _____ () C:\Windows\DPINST.LOG
2015-05-17 13:26 - 2015-05-17 13:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01007.Wdf
2015-05-17 13:26 - 2015-05-17 13:26 - 00000000 ____D () C:\Program Files\Apoint2K
2015-05-17 13:25 - 2009-05-24 19:50 - 00203824 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2015-05-17 13:25 - 2009-05-08 14:47 - 00108606 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2015-05-17 13:25 - 2008-03-27 17:49 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-05-17 13:24 - 2015-05-17 13:28 - 177538108 _____ () C:\Users\Hirlak\Downloads\VGA_NVIDIA_8.15.11.8652_W7x86W7x64_A.zip
2015-05-17 13:24 - 2015-05-17 13:26 - 106587892 _____ () C:\Users\Hirlak\Downloads\Fingerprint_EGISTEC_6.2.56_W7x64W7x86_A.zip
2015-05-17 13:24 - 2015-05-17 13:25 - 08853222 _____ () C:\Users\Hirlak\Downloads\TouchPad_ALPS_7.5.2015.1103_W7x64W7x86_A.zip
2015-05-17 13:01 - 2015-05-17 13:02 - 12415994 _____ () C:\Users\Hirlak\Downloads\MugiwarasNewWorldBT_TW7-DESKANIME.NET.zip
2015-05-17 12:25 - 2015-06-01 22:33 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Purplizer
2015-05-17 12:18 - 2015-05-26 01:51 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\TS3Client
2015-05-17 12:18 - 2015-05-17 12:18 - 00001120 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-05-17 12:18 - 2015-05-17 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-05-17 12:17 - 2015-05-17 12:18 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-05-17 12:15 - 2015-05-17 12:23 - 00000000 ____D () C:\ProgramData\Overwolf
2015-05-17 12:15 - 2015-05-17 12:15 - 00001915 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2015-05-17 12:15 - 2015-05-17 12:15 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-05-17 12:15 - 2015-05-17 12:15 - 00000000 ____D () C:\Program Files\Overwolf
2015-05-17 12:15 - 2015-05-17 12:15 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-05-17 12:13 - 2015-06-01 22:32 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\Overwolf
2015-05-17 02:19 - 2015-05-17 09:51 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\FluxSoftware
2015-05-17 01:22 - 2015-05-17 13:50 - 324003183 _____ () C:\Users\Hirlak\Downloads\World.of.Warcraft3.3.5a.rar
2015-05-17 01:12 - 2015-05-17 01:12 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-17 01:02 - 2015-03-19 04:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-17 01:02 - 2015-03-19 04:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 01:01 - 2015-05-17 01:01 - 00000000 ____D () C:\Users\Hirlak\Desktop\Windows Loader2.0.0
2015-05-17 01:01 - 2011-04-07 10:07 - 00002692 _____ () C:\Users\Hirlak\Desktop\--OKU KURULUM--( ANLEITUNG ).txt
2015-05-17 00:59 - 2015-05-17 00:59 - 00000000 ____D () C:\5470cae9f014433e6faddecb8e
2015-05-17 00:57 - 2015-05-17 00:57 - 00000000 ____D () C:\Windows\CheckSur
2015-05-17 00:39 - 2015-05-17 00:39 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-05-17 00:38 - 2015-05-17 00:38 - 00000000 ____D () C:\Program Files\Realtek
2015-05-17 00:38 - 2009-11-30 21:46 - 02795552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-05-17 00:38 - 2009-11-30 21:46 - 01538592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-05-17 00:38 - 2009-11-30 21:46 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-05-17 00:38 - 2009-11-30 21:46 - 00354848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-05-17 00:38 - 2009-11-30 21:46 - 00055328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2015-05-17 00:38 - 2009-11-30 21:32 - 02968480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-05-17 00:38 - 2009-11-24 10:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-05-17 00:38 - 2009-11-24 10:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-05-17 00:38 - 2009-11-24 10:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-05-17 00:38 - 2009-11-24 10:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-05-17 00:38 - 2009-11-19 14:45 - 00001352 _____ () C:\Windows\system32\Drivers\RtHdatEx.dat
2015-05-17 00:38 - 2009-11-19 14:44 - 00231056 _____ () C:\Windows\system32\Drivers\RTConvEQ.dat
2015-05-17 00:38 - 2009-11-18 19:42 - 01938704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-05-17 00:38 - 2009-11-18 19:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-05-17 00:38 - 2009-11-18 19:42 - 00311568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-05-17 00:38 - 2009-11-17 19:13 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-05-17 00:38 - 2009-11-17 19:10 - 00146336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-05-17 00:38 - 2009-11-13 16:16 - 00348160 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-05-17 00:38 - 2009-11-13 16:16 - 00165376 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-05-17 00:38 - 2009-11-13 16:16 - 00073216 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-05-17 00:38 - 2009-11-13 16:16 - 00059392 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-05-17 00:38 - 2009-10-30 19:56 - 00290816 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-05-17 00:38 - 2009-03-09 06:32 - 00290304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-05-17 00:38 - 2009-03-09 06:30 - 00290304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-05-17 00:38 - 2008-11-17 23:07 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2015-05-17 00:38 - 2008-08-21 13:43 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX2.dat
2015-05-17 00:38 - 2007-07-30 18:26 - 00126976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-05-17 00:38 - 2007-07-13 14:11 - 00000008 _____ () C:\Windows\system32\Drivers\rtkhdaud.dat
2015-05-17 00:38 - 2005-06-27 05:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX1.dat
2015-05-17 00:37 - 2015-05-17 00:47 - 00000000 ___HD () C:\Program Files\Temp
2015-05-17 00:37 - 2009-11-24 18:40 - 00838176 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-05-17 00:33 - 2015-05-17 00:33 - 00002063 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-05-17 00:33 - 2015-05-17 00:33 - 00002003 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-05-17 00:33 - 2015-05-17 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-17 00:29 - 2015-05-17 00:25 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-17 00:25 - 2015-05-17 00:25 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-17 00:21 - 2015-05-17 00:21 - 00271248 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 23:13 - 2014-05-20 00:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 22:42 - 2014-05-14 22:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 22:34 - 2014-05-13 21:28 - 01894703 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 22:29 - 2014-05-14 22:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 22:28 - 2014-05-20 11:17 - 00020996 _____ () C:\Windows\setupact.log
2015-06-01 22:28 - 2014-05-14 15:10 - 00133990 _____ () C:\Windows\PFRO.log
2015-06-01 22:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 22:26 - 2009-07-14 06:34 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 22:26 - 2009-07-14 06:34 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 19:56 - 2014-05-14 22:22 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-01 19:56 - 2014-05-14 13:27 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-01 19:56 - 2014-05-14 13:27 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-01 19:56 - 2014-05-13 21:29 - 00001409 _____ () C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-01 19:23 - 2009-07-14 04:04 - 00000580 _____ () C:\Windows\win.ini
2015-05-31 21:37 - 2014-05-15 17:02 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-31 15:37 - 2014-05-13 21:31 - 06649824 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 15:37 - 2009-07-30 14:43 - 00679342 _____ () C:\Windows\system32\prfh0816.dat
2015-05-31 15:37 - 2009-07-30 14:43 - 00133752 _____ () C:\Windows\system32\prfc0816.dat
2015-05-31 15:37 - 2009-07-30 14:37 - 00691192 _____ () C:\Windows\system32\perfh013.dat
2015-05-31 15:37 - 2009-07-30 14:37 - 00132940 _____ () C:\Windows\system32\perfc013.dat
2015-05-31 15:37 - 2009-07-30 14:31 - 00689108 _____ () C:\Windows\system32\perfh010.dat
2015-05-31 15:37 - 2009-07-30 14:31 - 00127144 _____ () C:\Windows\system32\perfc010.dat
2015-05-31 15:30 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-31 15:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-29 01:50 - 2014-05-15 17:02 - 00000265 _____ () C:\Windows\Brownie.ini
2015-05-25 16:50 - 2014-05-13 21:29 - 00000000 ____D () C:\Users\Hirlak
2015-05-24 11:32 - 2014-05-14 13:58 - 00111912 _____ () C:\Users\Hirlak\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 21:13 - 2014-06-08 23:38 - 00000000 ____D () C:\Users\Hirlak\AppData\Roaming\vlc
2015-05-19 12:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-05-18 14:15 - 2014-05-14 15:27 - 00000000 ___RD () C:\Users\Hirlak\Desktop\Microsoft Office 2013
2015-05-18 00:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-17 15:08 - 2014-05-13 21:29 - 00000000 ____D () C:\Users\Hirlak\AppData\Local\VirtualStore
2015-05-17 14:12 - 2009-07-14 06:33 - 00434472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 14:06 - 2014-05-13 21:29 - 00000000 ___RD () C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-17 13:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2015-05-17 13:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2015-05-17 09:48 - 2014-08-16 16:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-17 01:58 - 2014-05-20 01:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-17 01:56 - 2014-05-14 15:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 00:28 - 2014-05-14 15:14 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-17 00:28 - 2014-05-14 15:14 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-17 00:24 - 2014-05-14 14:01 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-17 00:24 - 2014-05-14 14:00 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-05-17 00:13 - 2014-05-20 00:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-17 00:13 - 2014-05-20 00:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-06-14 03:31 - 2014-06-14 03:31 - 0000000 _____ () C:\Users\Hirlak\AppData\Local\{6375F0CF-D101-49E1-9C1E-B8798E87324D}

Some files in TEMP:
====================
C:\Users\Hirlak\AppData\Local\Temp\ChromaticSetup_v1.1.exe
C:\Users\Hirlak\AppData\Local\Temp\utils.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-26 17:57

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Hirlak at 2015-06-01 23:25:54
Running from C:\Users\Hirlak\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-717356552-2788057288-3721422200-500 - Administrator - Disabled)
Gast (S-1-5-21-717356552-2788057288-3721422200-501 - Limited - Disabled)
Hirlak (S-1-5-21-717356552-2788057288-3721422200-1000 - Administrator - Enabled) => C:\Users\Hirlak

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Bio Protection (HKLM\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition Update v1.9 (HKLM\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2015.1103 - Alps Electric)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Avast Internet Security (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Brother HL-2030 (HKLM\...\{550AC66D-DDF9-497E-A9C1-CD5E07E4B89B}) (Version: 1.00 - Brother)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Die Sims 2 Gold v1.0 (HKLM\...\Die Sims 2 Gold_is1) (Version: - Maxis)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Fingerprint Solution (Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM\...\Overwolf) (Version: 0.85.190.0 - Overwolf Ltd.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Smart Switch (HKLM\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.)
Smart Switch (Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.) Hidden
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

10-08-2014 21:41:12 Windows Update
10-08-2014 22:54:10 Windows Update
16-08-2014 16:55:31 Windows Update
16-08-2014 17:35:08 Windows Update
19-08-2014 21:28:26 Windows Update
19-08-2014 22:47:31 Windows Update
01-11-2014 21:15:55 Windows Update
17-05-2015 01:11:52 Windows Update
17-05-2015 01:14:08 Windows Update
17-05-2015 09:52:39 Windows Update
17-05-2015 13:29:04 Installiert Fingerprint Solution
17-05-2015 20:19:32 Installiert Arc
18-05-2015 00:16:16 DirectX wurde installiert
18-05-2015 01:32:35 Windows Update
18-05-2015 14:19:22 Windows Update
18-05-2015 15:12:20 Windows Update
19-05-2015 03:00:27 Windows Update
20-05-2015 02:14:17 Windows Update
20-05-2015 16:25:16 Windows Update
20-05-2015 17:33:01 Windows Update
21-05-2015 21:19:44 Windows Update
22-05-2015 21:50:57 Windows Update
23-05-2015 13:24:47 Windows Update
23-05-2015 13:36:07 Windows Update
23-05-2015 23:23:04 Windows Update
25-05-2015 03:00:32 Windows Update
26-05-2015 16:14:21 Windows Update
28-05-2015 21:29:42 Windows Update
29-05-2015 10:29:24 Windows Update
29-05-2015 18:09:28 Windows Update
30-05-2015 20:09:22 Installed Company of Heroes.
31-05-2015 13:06:40 Windows Update
31-05-2015 15:29:40 Removed Company of Heroes.
31-05-2015 15:30:52 Installed System Requirements Lab Detection
31-05-2015 15:31:28 Removed System Requirements Lab Detection
31-05-2015 15:53:06 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
31-05-2015 21:36:51 Installed Smart Switch
01-06-2015 14:55:20 Windows Update
01-06-2015 19:15:01 Windows Defender Checkpoint
01-06-2015 22:19:00 Avira EU-Cleaner - 01.06.2015 22:18

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17C88663-29C7-4CE2-B95B-D4EAB37C606F} - System32\Tasks\{D92E80DA-D816-449E-A3D0-E390DCA4C4B6} => C:\Program Files\Arc\ArcLauncher.exe [2015-05-14] (Perfect World Entertainment)
Task: {1A6294EA-3520-4F02-B15F-74B211B32236} - System32\Tasks\{0565A558-930F-4598-B302-976A1088C681} => C:\Users\Hirlak\Desktop\RA2YR_PP\Red Alert 2 Yuri\Ra2.exe [2005-10-03] ()
Task: {1DB36057-9415-4DBC-8534-059860780178} - System32\Tasks\{FD379C6F-8E13-4327-B347-A1F85C832D30} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {2002D219-2472-42DD-93A7-940FE4777530} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2E5449B4-DC0A-47EB-BE7D-6955D5860F7A} - System32\Tasks\{0147B5F9-BAF8-4B8B-B93C-D19FAAB05197} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {30EAD7C4-E443-4A56-A423-617E450D62CF} - System32\Tasks\{4E045BF7-EAD6-4972-B9C9-565E6428E58B} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {47693646-21A7-4570-A65B-3F7403090B53} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {4B1B9446-77D6-4867-B3BB-15042766BC01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {61F4F95C-C9AB-489D-9923-BEA4C9468A2C} - System32\Tasks\{AA8F20C5-B7A8-4D3B-AA47-5C7FC8890338} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {6EA17C32-5D64-4A03-ADA5-BEF661D29932} - System32\Tasks\{0070E565-2297-414E-9DB2-4BCD4D81499E} => pcalua.exe -a "C:\Users\Hirlak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3950YTVY\sp48616[1].exe" -d C:\Users\Hirlak\Desktop
Task: {7080C3C5-709B-415E-9A36-14BBA568174B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {7AA3EB6D-CC3F-4133-B984-B911C12A6B04} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {87704616-F57C-455C-805E-1F4F90E6F549} - System32\Tasks\{C0F2D471-763D-4CB9-9FD8-DDEA0CB7D0DA} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {ADD23B76-ACA5-41AC-A311-C4B451B0CA3F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-17] (Avast Software s.r.o.)
Task: {B0DD96D3-F5AB-41D7-A669-79BBC2B66101} - System32\Tasks\{367C39BB-4502-4B12-89C8-88EFADE3AFD4} => C:\Program Files\Arc\ArcLauncher.exe [2015-05-14] (Perfect World Entertainment)
Task: {B2FD02FE-3A0B-4A4E-9401-E83A2DB78DAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {E6EB5E94-FADC-480F-BD97-F18D0B976078} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
Task: {EBB1C099-F5DE-4BCD-B194-0F63A31B8E60} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2015-05-04] (Overwolf LTD)
Task: {F4EF1740-341B-4EAF-963B-1A84A663104A} - System32\Tasks\{8BB41017-69DF-4CBC-9762-C60EC0E2E963} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-17 00:25 - 2015-05-17 00:25 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-17 00:25 - 2015-05-17 00:25 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-01 21:31 - 2015-06-01 21:31 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060101\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-17 00:26 - 2015-05-17 00:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00025600 _____ () C:\Program Files\Overwolf\0.85.190.0\CoreAudioApi.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 40555008 _____ () C:\Program Files\Overwolf\0.85.190.0\libcef.DLL
2015-05-31 16:40 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files\Steam\SDL2.dll
2015-05-31 16:40 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files\Steam\v8.dll
2015-05-31 16:40 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll
2015-05-31 16:40 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll
2015-05-31 16:40 - 2015-05-15 03:58 - 02396352 _____ () C:\Program Files\Steam\video.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2015-05-31 16:40 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2015-05-31 16:40 - 2015-05-15 03:57 - 00703168 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2015-05-31 16:40 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files\Steam\bin\libcef.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 01274655 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libxml2-2.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00100352 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\zlib1.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00028160 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libssp-0.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00373657 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\libmsn.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00021337 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\libxmpp.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00415553 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libjabber.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00190464 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libsasl.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00022832 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\libyahoo.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00228908 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\libymsg.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00027811 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\ssl-nss.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00012004 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\plugins\ssl.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00140288 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\sasl2\saslDIGESTMD5.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00102912 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\sasl2\saslPLAIN.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00425984 _____ () C:\Program Files\Overwolf\0.85.190.0\Purplizer\sqlite3.dll
2015-05-26 00:54 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 00:54 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-05-26 00:54 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
2015-06-01 21:35 - 2013-09-05 10:59 - 00023784 _____ () C:\Users\Hirlak\AppData\Local\Temp\cleaner\rcNwLoad_de.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-717356552-2788057288-3721422200-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-717356552-2788057288-3721422200-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1541042D-DF0A-489A-8903-2F8D79DF1B3B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E65120BC-CC3A-4935-9141-CE2B2ED8791A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9660E691-BC00-49D4-9302-5A3D164198E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{82CA37A6-A1EA-4D7F-9407-D39346C6FD1D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1F196C8C-16F9-401A-AB12-9FAE92E1BA92}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AA1ABAA8-64B7-47AF-8EDA-8207F0DB4FDD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B20B6899-BA7D-4B8B-A7B8-6D6AE22D8F05}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{C33CC3E1-64E2-4FDB-A786-BEC7827422E4}C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe] => (Block) C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe
FirewallRules: [UDP Query User{17BB6491-2C9A-46E9-9E21-45A5EC91C04F}C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe] => (Block) C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe
FirewallRules: [TCP Query User{68A5E0F9-554D-40CA-8E8E-D4DEE8AA405A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C382865-15BB-4EEB-B739-2BCCE41E7BE8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{9289E566-DDD1-4C6C-A4B2-5633F7C185FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0D5CAC28-AE85-484F-BEC1-E50DD0DB3BC4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{77C2AF3D-247B-458C-A507-95FB7B0AD061}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{98F6072D-D3E2-4439-A53C-A5FDF14F2EEB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{99D86E37-F7FC-430B-9427-D195C8BAFB1A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7AE84B18-A27E-46FE-AAFF-407599E96902}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{999CB5B5-2E5B-4568-A6D4-69F9F5422DC3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D376CDF9-2BEF-430D-836A-0E1B72B75BE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D26D5821-A8DB-42AF-9E48-3F53C04CB9FE}C:\program files\neverwinter_de\neverwinter\live\gameclient.exe] => (Allow) C:\program files\neverwinter_de\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{6F609BED-C36F-46C2-8964-551B83E8B08F}C:\program files\neverwinter_de\neverwinter\live\gameclient.exe] => (Allow) C:\program files\neverwinter_de\neverwinter\live\gameclient.exe
FirewallRules: [{D9177D33-391C-478F-BDDA-F898B0F8B92C}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{3461EC8E-06F0-4F2E-980F-6730939D3C28}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{8AF6710B-84BC-487A-934C-C21773BE1190}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6FA40102-7BA2-4F4C-B626-9B11A3A90607}C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [UDP Query User{545F64C9-C6C0-424A-A254-D6CDE9B74E28}C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [{43FE6295-E86C-4A6E-94BA-9348623EB4E1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{5D06BC0B-0B94-4E8E-A7A0-57DDF5E14814}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{ABF00F9D-121C-4EB4-B453-408B1620E5A2}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{1529CBAB-94A7-4E4E-939A-54A535A7BA75}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{CCF8D40A-E13E-4EA7-8976-4D90D372C5BA}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{97DF4E3C-E410-4076-BBE5-B0D44EF972FF}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{6C56684B-AF79-4198-AA66-00BC4CC6492E}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{5A4510F4-2A72-469E-A792-F9D8741233CB}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{92D2858E-AF12-49E9-9412-C10857092377}] => (Allow) C:\Users\Hirlak\AppData\Local\wd\wd.exe
FirewallRules: [{228497AD-67C7-4A60-BB7E-4BA561961A84}] => (Allow) C:\Users\Hirlak\AppData\Local\wd\wd.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddWin32ServiceFiles: Unable to back up image of service Update Product Deals since QueryServiceConfig API failed
System Error: Das System kann die angegebene Datei nicht finden. .

Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddWin32ServiceFiles: Unable to back up image of service Util Product Deals since QueryServiceConfig API failed
System Error: Das System kann die angegebene Datei nicht finden. .

Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddWin32ServiceFiles: Unable to back up image of service IHProtect Service since QueryServiceConfig API failed
System Error: Das System kann die angegebene Datei nicht finden. .

Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed
System Error: Das System kann die angegebene Datei nicht finden. .

Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary {9eb617cc-040e-4915-b808-5e36623eae21}Gw.
System Error: Das System kann die angegebene Datei nicht finden. .

Error: (06/01/2015 10:15:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ProtectWindowsManager.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00027404
ID des fehlerhaften Prozesses: 0xfd4
Startzeit der fehlerhaften Anwendung: 0xProtectWindowsManager.exe0
Pfad der fehlerhaften Anwendung: ProtectWindowsManager.exe1
Pfad des fehlerhaften Moduls: ProtectWindowsManager.exe2
Berichtskennung: ProtectWindowsManager.exe3

Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79748

Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79748

Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/01/2015 05:41:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13011

System errors:
=============
Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sicherheitscenter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Ereignisprotokoll" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DHCP-Client" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Audio" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2015 10:15:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WindowsMangerProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/01/2015 09:00:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/01/2015 09:00:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/01/2015 09:00:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/01/2015 08:14:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Microsoft Office:
=========================
Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddWin32ServiceFiles: Unable to back up image of service Update Product Deals since QueryServiceConfig API failed
System Error: Das System kann die angegebene Datei nicht finden.

Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddWin32ServiceFiles: Unable to back up image of service Util Product Deals since QueryServiceConfig API failed
System Error: Das System kann die angegebene Datei nicht finden.

Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddWin32ServiceFiles: Unable to back up image of service IHProtect Service since QueryServiceConfig API failed
System Error: Das System kann die angegebene Datei nicht finden.

Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed
System Error: Das System kann die angegebene Datei nicht finden.

Error: (06/01/2015 10:20:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary {9eb617cc-040e-4915-b808-5e36623eae21}Gw.
System Error: Das System kann die angegebene Datei nicht finden.

Error: (06/01/2015 10:15:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ProtectWindowsManager.exe0.0.0.000000000ntdll.dll6.1.7600.169154ec49cafc000000500027404fd401d09c8e3ec82365C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exeC:\Windows\SYSTEM32\ntdll.dlle6d226a1-089a-11e5-8e96-933c526905e0

Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79748

Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79748

Error: (06/01/2015 05:42:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/01/2015 05:41:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13011

CodeIntegrity Errors:
===================================
Date: 2015-06-01 21:25:17.237
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-01 19:25:57.374
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-01 19:25:57.190
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-01 19:25:21.453
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-01 19:25:21.301
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-01 19:24:34.669
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-01 19:24:34.498
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-01 19:24:01.722
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-01 19:24:01.551
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-01 19:23:31.236
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 70%
Total physical RAM: 3066.84 MB
Available physical RAM: 891.9 MB
Total Pagefile: 6131.96 MB
Available Pagefile: 3314.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.79 GB) (Free:111.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.27 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:4.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive h: (Age of Mythology) (CDROM) (Total:2.09 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 064EC92B)
Partition 1: (Not Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of log ============================

Code:
Avira EU-Cleaner
Erstellungsdatum der Reportdatei: Montag, 1. Juni 2015 22:44

Es wird nach 8714556 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : EU-Cleaner
Seriennummer : 2228416263-DECLE-0000001
Plattform : Windows 7 Professional
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : Hirlak
Computername : HIRLAK-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.65 13423 Bytes 07.04.2014 08:37:00
AVSCAN.EXE : 12.0.0.0 566200 Bytes 01.06.2015 19:37:14
AVSCAN.DLL : 12.0.0.0 58728 Bytes 01.06.2015 19:37:13
LUKE.DLL : 12.1.0.17 68304 Bytes 01.06.2015 19:37:24
AVSCPLR.DLL : 10.3.0.2 92776 Bytes 01.06.2015 19:37:15
AVREG.DLL : 12.1.0.20 227024 Bytes 01.06.2015 19:37:11
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 19:44:44
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 19:44:55
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 19:45:00
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 19:45:32
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 19:46:15
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 19:47:29
VBASE006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 19:50:13
VBASE007.VDF : 7.11.206.228 18292736 Bytes 04.02.2015 19:56:25
VBASE008.VDF : 7.11.213.152 2908672 Bytes 05.03.2015 19:57:53
VBASE009.VDF : 7.11.219.144 1976320 Bytes 25.03.2015 19:58:39
VBASE010.VDF : 7.11.225.66 2312192 Bytes 22.04.2015 19:58:48
VBASE011.VDF : 7.11.230.166 1603584 Bytes 13.05.2015 19:59:12
VBASE012.VDF : 7.11.230.167 2048 Bytes 13.05.2015 19:59:13
VBASE013.VDF : 7.11.230.235 80896 Bytes 13.05.2015 19:59:15
VBASE014.VDF : 7.11.231.71 92160 Bytes 14.05.2015 19:59:19
VBASE015.VDF : 7.11.231.171 66048 Bytes 14.05.2015 19:59:21
VBASE016.VDF : 7.11.231.253 200192 Bytes 15.05.2015 19:59:28
VBASE017.VDF : 7.11.232.15 2048 Bytes 15.05.2015 19:59:28
VBASE018.VDF : 7.11.232.59 64512 Bytes 15.05.2015 19:59:29
VBASE019.VDF : 7.11.232.197 143872 Bytes 16.05.2015 19:59:34
VBASE020.VDF : 7.11.233.13 256000 Bytes 18.05.2015 19:59:46
VBASE021.VDF : 7.11.233.89 271360 Bytes 19.05.2015 19:59:51
VBASE022.VDF : 7.11.233.149 174592 Bytes 19.05.2015 19:59:52
VBASE023.VDF : 7.11.234.176 574976 Bytes 23.05.2015 20:00:13
VBASE024.VDF : 7.11.235.220 797696 Bytes 29.05.2015 20:00:21
VBASE025.VDF : 7.11.236.45 142336 Bytes 30.05.2015 20:00:23
VBASE026.VDF : 7.11.236.83 138240 Bytes 31.05.2015 20:00:30
VBASE027.VDF : 7.11.236.123 120832 Bytes 01.06.2015 20:00:32
VBASE028.VDF : 7.11.236.124 2048 Bytes 01.06.2015 20:00:33
VBASE029.VDF : 7.11.236.125 2048 Bytes 01.06.2015 20:00:33
VBASE030.VDF : 7.11.236.126 2048 Bytes 01.06.2015 20:00:33
VBASE031.VDF : 7.11.236.134 518656 Bytes 01.06.2015 20:00:41
Engineversion : 8.3.30.40
AEVDF.DLL : 8.3.1.6 133992 Bytes 01.06.2015 20:02:43
AESCRIPT.DLL : 8.2.2.68 524352 Bytes 01.06.2015 20:02:38
AESCN.DLL : 8.3.2.10 142456 Bytes 01.06.2015 20:02:32
AESBX.DLL : 8.2.21.0 1622072 Bytes 01.06.2015 20:02:47
AERDL.DLL : 8.2.1.20 731040 Bytes 01.06.2015 20:02:31
AEPACK.DLL : 8.4.0.80 793728 Bytes 01.06.2015 20:02:23
AEOFFICE.DLL : 8.3.1.22 363376 Bytes 01.06.2015 20:02:15
AEMOBILE.DLL : 8.1.7.2 281720 Bytes 01.06.2015 20:03:08
AEHEUR.DLL : 8.1.4.1714 8440688 Bytes 01.06.2015 20:02:07
AEHELP.DLL : 8.3.2.0 281456 Bytes 01.06.2015 20:01:19
AEGEN.DLL : 8.1.7.40 456608 Bytes 01.06.2015 20:01:15
AEEXP.DLL : 8.4.2.88 266296 Bytes 01.06.2015 20:02:48
AEEMU.DLL : 8.1.3.4 399264 Bytes 01.06.2015 20:01:02
AEDROID.DLL : 8.4.3.116 1050536 Bytes 01.06.2015 20:03:05
AECORE.DLL : 8.3.6.2 243624 Bytes 01.06.2015 20:00:55
AEBB.DLL : 8.1.2.0 60448 Bytes 01.06.2015 20:00:52
AVWINLL.DLL : 12.1.0.17 27344 Bytes 01.06.2015 19:37:15
AVPREF.DLL : 12.1.0.17 51920 Bytes 01.06.2015 19:37:10
AVREP.DLL : 12.1.0.17 179408 Bytes 01.06.2015 19:37:12
AVARKT.DLL : Keine Information!
SQLITE3.DLL : 3.7.0.0 398288 Bytes 01.06.2015 19:37:47
AVSMTP.DLL : Keine Information!
NETNT.DLL : Keine Information!
RCIMAGE.DLL : 11.0.8.0 95336 Bytes 01.06.2015 19:37:43
RCTEXT.DLL : 11.0.7.0 401768 Bytes 01.06.2015 19:37:45

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: unknown
Konfigurationsdatei...................: C:\Users\Hirlak\AppData\Local\Temp\cleaner\eucleaner\setup\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 1. Juni 2015 22:44

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden!
Bootsektor 'F:\' [INFO] Es wurde kein Virus gefunden!
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'taskhost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'Cleaner.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'avwebloader.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '148' Modul(e) wurden durchsucht Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'Purplizer.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'OverwolfHelper.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'SteamService.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'steamwebhelper.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'PwdBank.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'Steam.exe' - '130' Modul(e) wurden durchsucht Durchsuche Prozess 'Overwolf.exe' - '199' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '106' Modul(e) wurden durchsucht Durchsuche Prozess 'PdtWzd.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 
'sppsvc.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'AvastUI.exe' - '135' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'AvastVBoxSVC.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'mbam.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '172' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'BASVC.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'afwServ.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'AvastSvc.exe' - '158' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'CompPtcVUI.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 
'svchost.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '149' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '0' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\hp\bin\EndProcess.exe [FUND] Enthält Erkennungsmuster der Anwendung APPL/KillApp.A C:\Users\Hirlak\Desktop\Downloads\Microsoft Office Professional Plus 2013 SP1 32Bit\Aktivierung\Microsoft Toolkit.exe [FUND] Enthält Erkennungsmuster des SPR/Tool.AutoKMS.4-Programmes Beginne mit der Suche in 'D:\' <SYSTEM> Beginne mit der Suche in 'E:\' <HP_RECOVERY> Beginne mit der Suche in 'F:\' <HP_TOOLS> Beginne mit der Desinfektion: |
02.06.2015, 08:14 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop is being visited by "Outbound" Quote:
Reading material: Illegal software: cracks, keygens and co. Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In the case of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ Please always post log files in CODE tags |
03.06.2015, 20:13 | #5 |
| My laptop is being visited by "Outbound" Everything should be removed now. |
03.06.2015, 22:15 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop is being visited by "Outbound" Then please run Combofix now: Scan with Combofix
__________________ --> My laptop is being visited by "Outbound" |
11.06.2015, 11:10 | #7 |
| My laptop is being visited by "Outbound" Combofix log: Code:
ATTFilter ComboFix 15-06-09.01 - Hirlak 11.06.2015 11:49:45.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3067.1537 [GMT 2:00] ausgeführt von:: c:\users\Hirlak\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\4217751947255792026 c:\programdata\4217751947255792026\5c3b56b1c2839fa27847825cfa7d9411.ini c:\users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\extensions\staged\ro@9h.edu c:\users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\extensions\staged\ro@9h.edu\bootstrap.js c:\users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\extensions\staged\ro@9h.edu\chrome.manifest c:\users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\extensions\staged\ro@9h.edu\content\bg.js c:\users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\extensions\staged\ro@9h.edu\install.rdf c:\windows\system32\pt c:\windows\system32\pt\AuthFWSnapIn.Resources.dll c:\windows\system32\pt\AuthFWWizFwk.Resources.dll c:\windows\system32\pt\Narrator.resources.dll . . ((((((((((((((((((((((( Dateien erstellt von 2015-05-11 bis 2015-06-11 )))))))))))))))))))))))))))))) . . 2015-06-09 09:17 . 2015-05-03 03:42 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFCA0643-07BA-452F-8409-1068D43E55DE}\mpengine.dll 2015-06-07 19:33 . 2015-06-07 19:33 -------- d-----w- C:\e4b00b4f5f4ba0a986920bfbee 2015-06-03 19:20 . 2015-06-03 19:20 -------- d-----w- C:\80b203d8650f603dce 2015-06-03 11:49 . 
2015-05-16 22:25 291312 ----a-w- c:\windows\system32\aswBoot.exe 2015-06-01 21:09 . 2015-06-02 11:39 -------- d-----w- C:\FRST 2015-06-01 18:00 . 2015-06-11 09:32 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-06-01 17:58 . 2015-04-14 07:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-06-01 17:58 . 2015-04-14 07:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-06-01 17:58 . 2015-04-14 07:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-06-01 17:58 . 2015-06-01 17:58 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2015-06-01 17:58 . 2015-06-01 17:58 -------- d-----w- c:\programdata\Malwarebytes 2015-06-01 17:16 . 2015-06-01 17:16 -------- d-----w- C:\temp 2015-06-01 17:13 . 2015-06-01 17:29 -------- d-----w- c:\programdata\{ed808204-444d-0ab0-ed80-082044440811} 2015-05-31 19:39 . 2015-05-31 19:39 -------- d-----w- c:\programdata\Samsung 2015-05-31 19:37 . 2015-05-31 19:43 -------- d-----w- c:\users\Hirlak\AppData\Roaming\Samsung 2015-05-31 19:37 . 2015-04-23 08:08 144664 ----a-w- c:\windows\system32\secman.dll 2015-05-31 19:37 . 2015-05-31 19:37 -------- d-----w- c:\program files\Samsung 2015-05-31 14:41 . 2015-05-31 14:41 -------- d-----w- c:\users\Hirlak\AppData\Local\Steam 2015-05-31 14:38 . 2015-06-03 11:59 -------- d-----w- c:\program files\Common Files\Steam 2015-05-31 14:38 . 2015-06-11 09:32 -------- d-----w- c:\program files\Steam 2015-05-31 14:29 . 2015-05-31 14:30 -------- d-----w- c:\windows\system32\Logs 2015-05-31 14:29 . 2015-05-31 14:29 -------- d-----w- c:\windows\system32\savegame 2015-05-31 14:29 . 2015-05-31 14:29 -------- d-----w- c:\windows\system32\mods 2015-05-31 14:17 . 2015-06-03 12:08 -------- d-----w- c:\program files\Age of Mythology Extended Edition 2015-05-31 13:53 . 2015-05-31 13:53 -------- d-----w- c:\programdata\Package Cache 2015-05-28 19:30 . 2015-05-28 19:30 -------- d-----w- C:\aa0c516e50ce26ce47e8fb 2015-05-25 23:42 . 
2015-05-25 23:42 -------- d-----w- c:\programdata\boost_interprocess 2015-05-25 19:29 . 2015-05-25 19:31 -------- d-----w- c:\program files\Heroes of the Storm 2015-05-25 19:24 . 2015-05-25 19:24 -------- d-----w- c:\users\Hirlak\AppData\Local\Blizzard Entertainment 2015-05-25 19:24 . 2015-05-25 19:29 -------- d-----w- c:\users\Hirlak\AppData\Local\Battle.net 2015-05-25 19:24 . 2015-05-25 19:28 -------- d-----w- c:\users\Hirlak\AppData\Roaming\Battle.net 2015-05-25 19:24 . 2015-05-25 19:24 -------- d-----w- c:\program files\Battle.net 2015-05-25 19:24 . 2015-05-25 19:24 -------- d-----w- c:\programdata\Blizzard Entertainment 2015-05-25 19:22 . 2015-05-25 19:23 -------- d-----w- c:\programdata\Battle.net 2015-05-25 01:02 . 2015-05-25 01:02 -------- d-----w- C:\b50bb291b111ff5286d199ebe1f2 2015-05-22 19:51 . 2015-05-22 19:51 -------- d-----w- C:\df51801b649c1a7e529faeea3e017a1a 2015-05-20 15:33 . 2015-05-20 15:33 -------- d-----w- C:\860af8b53ba675ac25b09d5d2ae17c 2015-05-18 12:21 . 2015-06-11 09:50 -------- d-----w- c:\windows\system32\MRT 2015-05-18 12:02 . 2015-05-18 12:02 -------- d-s---w- c:\windows\system32\CompatTel 2015-05-18 12:02 . 2015-05-18 12:02 -------- d-----w- c:\windows\system32\appraiser 2015-05-17 22:17 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2015-05-17 21:14 . 2015-05-25 20:58 -------- d-----w- c:\program files\Neverwinter_de 2015-05-17 18:26 . 2015-05-17 21:37 -------- d-----w- C:\ArcTemp 2015-05-17 18:20 . 2015-05-21 18:00 -------- d-----w- c:\users\Hirlak\AppData\Roaming\Arc 2015-05-17 18:20 . 2015-05-25 10:54 -------- d-----w- c:\program files\Arc 2015-05-17 16:47 . 2015-01-27 23:28 1167520 ----a-w- c:\windows\system32\aitstatic.exe 2015-05-17 16:47 . 2015-03-23 01:36 576000 ----a-w- c:\windows\system32\generaltel.dll 2015-05-17 16:47 . 2015-03-23 01:36 630784 ----a-w- c:\windows\system32\invagent.dll 2015-05-17 16:47 . 2015-03-23 01:36 331264 ----a-w- c:\windows\system32\devinv.dll 2015-05-17 16:47 . 
2015-03-23 01:35 26112 ----a-w- c:\windows\system32\acmigration.dll 2015-05-17 16:47 . 2015-03-23 01:30 896000 ----a-w- c:\windows\system32\aeinv.dll 2015-05-17 16:47 . 2014-12-04 02:20 159744 ----a-w- c:\windows\system32\aepic.dll 2015-05-17 16:47 . 2015-03-23 01:35 202752 ----a-w- c:\windows\system32\aepdu.dll 2015-05-17 12:14 . 2015-05-17 12:14 -------- d-----w- c:\programdata\NVIDIA 2015-05-17 11:37 . 2009-09-03 13:18 490088 ----a-w- c:\windows\system32\nvuninst.exe 2015-05-17 11:30 . 2015-05-17 11:31 -------- d-----w- c:\program files\Acer Bio Protection 2015-05-17 11:30 . 2015-05-17 11:30 469552 ----a-w- c:\windows\system32\NBMatS1SDK.dll 2015-05-17 11:29 . 2015-05-17 11:29 29744 ----a-w- c:\windows\system32\drivers\FPSensor.sys 2015-05-17 11:26 . 2015-05-17 11:26 -------- d-----w- c:\program files\Apoint2K 2015-05-17 11:25 . 2009-05-24 17:50 203824 ----a-w- c:\windows\system32\drivers\Apfiltr.sys 2015-05-17 11:25 . 2009-05-08 12:47 108606 ----a-w- c:\windows\system32\Vxdif.dll 2015-05-17 11:25 . 2008-03-27 15:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2015-05-17 10:25 . 2015-06-11 10:00 -------- d-----w- c:\users\Hirlak\AppData\Local\Purplizer 2015-05-17 10:18 . 2015-05-25 23:51 -------- d-----w- c:\users\Hirlak\AppData\Roaming\TS3Client 2015-05-17 10:17 . 2015-05-17 10:18 -------- d-----w- c:\program files\TeamSpeak 3 Client 2015-05-17 10:15 . 2015-05-17 10:15 -------- d-----w- c:\program files\Overwolf 2015-05-17 10:15 . 2015-05-17 10:15 -------- d-----w- c:\program files\Common Files\Overwolf 2015-05-17 10:15 . 2015-05-17 10:23 -------- d-----w- c:\programdata\Overwolf 2015-05-17 10:13 . 2015-06-11 09:33 -------- d-----w- c:\users\Hirlak\AppData\Local\Overwolf 2015-05-17 00:19 . 2015-05-17 07:51 -------- d-----w- c:\users\Hirlak\AppData\Local\FluxSoftware 2015-05-16 23:12 . 2015-05-16 23:12 -------- d-----w- c:\windows\system32\vbox 2015-05-16 23:02 . 
2015-03-19 02:57 3908024 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-05-16 23:02 . 2015-03-19 02:57 3963320 ----a-w- c:\windows\system32\ntkrnlpa.exe 2015-05-16 22:59 . 2015-05-16 22:59 -------- d-----w- C:\5470cae9f014433e6faddecb8e 2015-05-16 22:57 . 2015-05-16 22:57 -------- d-----w- c:\windows\CheckSur 2015-05-16 22:39 . 2015-05-16 22:39 -------- d-----w- c:\windows\system32\RTCOM 2015-05-16 22:37 . 2015-05-16 22:47 -------- d--h--w- c:\program files\Temp 2015-05-16 22:37 . 2009-11-24 16:40 838176 ----a-w- c:\windows\RtlExUpd.dll 2015-05-16 22:37 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2015-05-16 22:37 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2015-05-16 22:37 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2015-05-16 22:37 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2015-05-16 22:37 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2015-05-16 22:37 . 2015-05-16 22:37 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2015-05-16 22:37 . 2015-05-16 22:37 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2015-05-16 22:25 . 2015-05-16 22:25 43112 ----a-w- c:\windows\avastSS.scr . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-06-10 19:13 . 2014-05-19 22:30 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-06-10 19:13 . 2014-05-19 22:30 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-05-16 22:28 . 
2014-05-14 13:14 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys 2015-05-16 22:28 . 2014-05-14 12:01 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-05-16 22:28 . 2014-05-14 12:01 427992 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-05-16 22:28 . 2014-05-14 12:01 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-05-16 22:28 . 2014-05-14 12:01 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-05-16 22:28 . 2014-05-14 13:14 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-05-16 22:28 . 2014-05-14 12:01 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-05-16 22:24 . 2014-05-14 12:01 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-04-14 15:11 . 2015-04-14 15:11 1247912 ----a-w- c:\windows\system32\FM20.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-05-13 16:31 1729752 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-05-13 16:31 1729752 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-05-13 16:31 1729752 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-05-16 22:25 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912] "Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2015-05-04 41200] "Steam"="c:\program files\Steam\steam.exe" [2015-06-02 2892992] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-16 5515496] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-30 8120864] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-21 217088] "VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3567616] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-04-14 1080120] R3 ArcService;Arc Service;c:\program files\Arc\ArcService.exe [2015-05-14 88400] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-06-11 119512] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928] R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files\Overwolf\OverwolfUpdater.exe [2015-05-04 999152] R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R4 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2015-04-14 1871160] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-05-16 787760] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-05-16 427992] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-06-08 243128] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-05-16 24144] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-05-16 74976] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-05-16 106912] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2015-05-17 29744] S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3450368] S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-05-16 220752] S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-05-16 3207800] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-06-09 16:42 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-19 19:13] . 2015-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-05-14 20:22] . 2015-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-05-14 20:22] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - c:\users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-Chromatic - c:\users\Hirlak\AppData\Local\Chromatic\application\chromatic.exe HKCU-Run-WatchDog - c:\users\Hirlak\AppData\Local\wd\wd.exe HKCU-Run-Updater - c:\users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe AddRemove-Die Sims 2 Gold_is1 - c:\program files\EA Games\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(600) c:\program files\Acer Bio Protection\PwdFilter.DLL . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\system32\atieclxx.exe c:\windows\system32\nvvsvc.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Acer Bio Protection\CompPtcVUI.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Acer Bio Protection\PwdBank.exe c:\windows\system32\sppsvc.exe c:\program files\Common Files\Overwolf\0.85.190.0\OverwolfHelper.exe c:\program files\Overwolf\0.85.190.0\Purplizer\Purplizer.exe c:\windows\system32\conhost.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-06-11 12:07:41 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-06-11 10:07 . Vor Suchlauf: 28 Verzeichnis(se), 123.769.606.144 Bytes frei Nach Suchlauf: 35 Verzeichnis(se), 124.582.330.368 Bytes frei . - - End Of File - - F039823EE82ED50C15550BDA2406AF6E A36C5E4F47E84449FF07ED3517B43A31 |
11.06.2015, 11:16 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop is being visited by "Outbound" Remove adware/junkware/toolbars
Step 1: Malwarebytes
Please download Malwarebytes Anti-Malware
(Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!)
Step 2: adwCleaner
Please download AdwCleaner to your desktop.
Step 3: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Step 4: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
11.06.2015, 16:04 | #9 |
| My laptop is being visited by "Outbound" Malwarebytes log: Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.06.2015
Suchlauf-Zeit: 14:24:12
Logdatei: malwere.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.11.02
Rootkit Datenbank: v2015.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: Hirlak

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350140
Verstrichene Zeit: 34 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 11/06/2015 um 15:57:39
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-09.1 [Server]
# Betriebssystem : Windows 7 Professional (x86)
# Benutzername : Hirlak - HIRLAK-PC
# Gestarted von : C:\Users\Hirlak\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\{ed808204-444d-0ab0-ed80-082044440811}
Ordner Gelöscht : C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Datei Gelöscht : C:\Users\Hirlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Chromatic.lnk
Datei Gelöscht : C:\Users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\user.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\Chromatic
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16545

-\\ Mozilla Firefox v38.0.1 (x86 de)

[ex3d2wsc.default-1431814326853\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "oursurfing");
[ex3d2wsc.default-1431814326853\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.oursurfing.com/favicon.ico");
[ex3d2wsc.default-1431814326853\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "oursurfing");
[ex3d2wsc.default-1431814326853\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.oursurfing.com/web/?type=ds&ts=1433178738&z=3b5f325182628df1f54bc34g8z9ccc8gcm7bbm3cdb&from=smt&uid=HitachiXHTS725032A9A364_100419PCKC04VPJ3A64[...]

-\\ Google Chrome v43.0.2357.124

*************************

AdwCleaner[R0].txt - [3294 Bytes] - [11/06/2015 15:54:48]
AdwCleaner[S0].txt - [3250 Bytes] - [11/06/2015 15:57:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3309 Bytes] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Professional x86
Ran by Hirlak on 11.06.2015 at 16:54:03,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Product Deals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Product Deals

~~~ Files

~~~ Folders

~~~ FireFox

~~~ Chrome

[C:\Users\Hirlak\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Hirlak\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Hirlak\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Hirlak\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[ mkcedibhemacmilmkpndpkoidlnmgngg ]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2015 at 16:57:35,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by Hirlak (administrator) on HIRLAK-PC on 11-06-2015 16:58:28
Running from C:\Users\Hirlak\Desktop
Loaded Profiles: Hirlak (Available Profiles: Hirlak)
Platform: Microsoft Windows 7 Professional (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2009-05-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [VitaKeyPdtWzd] => C:\Program Files\Acer Bio Protection\PdtWzd.exe [3567616 2009-09-05] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2892992 2015-06-02] (Valve Corporation)
Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-17] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-16] (Oracle Corporation)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Arc\Plugins\ArcPluginIE.dll [2015-05-14] (Perfect World Entertainment Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-17] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-16] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-04-14] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-16] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Arc\Plugins\npArcPluginFF.dll [2015-05-14] (Perfect World Entertainment Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Hirlak\AppData\Roaming\Mozilla\Firefox\Profiles\ex3d2wsc.default-1431814326853\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-01]
CHR Extension: (Google Docs) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-14]
CHR Extension: (Google Drive) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-14]
CHR Extension: (YouTube) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-14]
CHR Extension: (Google Sheets) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-01]
CHR Extension: (Google Wallet) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-10]
CHR Extension: (Gmail) - C:\Users\Hirlak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files\Arc\ArcService.exe [88400 2015-05-14] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-17] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-17] (Avast Software)
S2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3450368 2009-09-05] (Egis Technology Inc.) [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-17] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-17] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-06-08] (Disc Soft Ltd)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29744 2015-05-17] (EgisTec)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-17] (Avast Software)
S3 catchme; \??\C:\Users\Hirlak\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-03-23 03:36 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-05-17 18:47 - 2015-03-23 03:35 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-05-17 18:47 - 2015-03-23 03:35 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-05-17 18:47 - 2015-03-23 03:30 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-05-17 18:47 - 2015-01-28 01:28 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-05-17 18:47 - 2014-12-04 04:20 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-05-17 15:31 - 2015-05-17 15:31 - 05676608 _____ C:\Users\Hirlak\Downloads\QuestHelper3.3.5.rar 2015-05-17 15:26 - 2015-05-17 15:27 - 00216934 _____ C:\Users\Hirlak\Downloads\GearScore.zip 2015-05-17 15:26 - 2015-05-17 15:26 - 00007638 _____ C:\Users\Hirlak\Downloads\GearScoreLite3x04.zip 2015-05-17 15:23 - 2015-05-17 15:23 - 00001113 _____ C:\Users\Hirlak\Desktop\Wow - Verknüpfung.lnk 2015-05-17 14:14 - 2015-05-17 14:14 - 00000000 ____D C:\ProgramData\NVIDIA 2015-05-17 13:50 - 2015-05-26 15:42 - 00000000 ____D C:\Users\Hirlak\Desktop\World of Warcraft 3.3.5.a 2015-05-17 13:50 - 2012-04-02 19:52 - 00000000 ____D C:\Users\Hirlak\Desktop\World.of.Warcraft3.3.5a.FULL 2015-05-17 13:37 - 2009-09-03 15:18 - 00490088 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe 2015-05-17 13:35 - 2009-07-28 18:56 - 10387456 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 09791552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-05-17 13:35 - 2009-07-28 18:56 - 07627776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 03156480 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 01705984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 
01530400 _____ (NVIDIA Corporation) C:\Windows\system32\nvencodemft.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 01317408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 00991744 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 00795104 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe 2015-05-17 13:35 - 2009-07-28 18:56 - 00678432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 00485920 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe 2015-05-17 13:35 - 2009-07-28 18:56 - 00256544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 00155648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod1510.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 00155648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll 2015-05-17 13:35 - 2009-07-28 18:56 - 00010155 _____ C:\Windows\system32\nvdisp.nvu 2015-05-17 13:35 - 2009-07-28 18:56 - 00004224 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd 2015-05-17 13:35 - 2009-05-01 10:13 - 00064032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys 2015-05-17 13:35 - 2009-05-01 10:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\nvhdap32.dll 2015-05-17 13:35 - 2009-04-26 22:02 - 00457248 _____ (NVIDIA Corporation) C:\Windows\system32\nvuhda.exe 2015-05-17 13:35 - 2009-04-26 22:02 - 00143360 _____ (NVIDIA Corporation) C:\Windows\system32\nvcohda.dll 2015-05-17 13:35 - 2009-04-26 21:59 - 00001407 _____ C:\Windows\system32\nvhda.nvu 2015-05-17 13:31 - 2015-05-17 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-05-17 13:30 - 2015-05-17 13:31 - 00000000 ____D C:\Program Files\Acer Bio Protection 2015-05-17 13:30 - 2015-05-17 13:30 - 00469552 _____ (EgisTec) C:\Windows\system32\NBMatS1SDK.dll 2015-05-17 13:29 - 2015-05-17 13:29 - 00029744 _____ 
(EgisTec) C:\Windows\system32\Drivers\FPSensor.sys 2015-05-17 13:26 - 2015-05-17 13:26 - 00005540 _____ C:\Windows\DPINST.LOG 2015-05-17 13:26 - 2015-05-17 13:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01007.Wdf 2015-05-17 13:26 - 2015-05-17 13:26 - 00000000 ____D C:\Program Files\Apoint2K 2015-05-17 13:25 - 2009-05-24 19:50 - 00203824 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys 2015-05-17 13:25 - 2009-05-08 14:47 - 00108606 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll 2015-05-17 13:25 - 2008-03-27 17:49 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2015-05-17 13:24 - 2015-05-17 13:28 - 177538108 _____ C:\Users\Hirlak\Downloads\VGA_NVIDIA_8.15.11.8652_W7x86W7x64_A.zip 2015-05-17 13:24 - 2015-05-17 13:26 - 106587892 _____ C:\Users\Hirlak\Downloads\Fingerprint_EGISTEC_6.2.56_W7x64W7x86_A.zip 2015-05-17 13:24 - 2015-05-17 13:25 - 08853222 _____ C:\Users\Hirlak\Downloads\TouchPad_ALPS_7.5.2015.1103_W7x64W7x86_A.zip 2015-05-17 13:01 - 2015-05-17 13:02 - 12415994 _____ C:\Users\Hirlak\Downloads\MugiwarasNewWorldBT_TW7-DESKANIME.NET.zip 2015-05-17 12:25 - 2015-06-11 16:51 - 00000000 ____D C:\Users\Hirlak\AppData\Local\Purplizer 2015-05-17 12:18 - 2015-05-26 01:51 - 00000000 ____D C:\Users\Hirlak\AppData\Roaming\TS3Client 2015-05-17 12:18 - 2015-05-17 12:18 - 00001120 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2015-05-17 12:18 - 2015-05-17 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2015-05-17 12:17 - 2015-05-17 12:18 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2015-05-17 12:15 - 2015-05-17 12:23 - 00000000 ____D C:\ProgramData\Overwolf 2015-05-17 12:15 - 2015-05-17 12:15 - 00001915 _____ C:\Users\Public\Desktop\Overwolf.lnk 2015-05-17 12:15 - 2015-05-17 12:15 - 00000000 ____D C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf 2015-05-17 12:15 - 2015-05-17 12:15 - 
00000000 ____D C:\Program Files\Overwolf 2015-05-17 12:15 - 2015-05-17 12:15 - 00000000 ____D C:\Program Files\Common Files\Overwolf 2015-05-17 12:13 - 2015-06-11 16:50 - 00000000 ____D C:\Users\Hirlak\AppData\Local\Overwolf 2015-05-17 02:19 - 2015-05-17 09:51 - 00000000 ____D C:\Users\Hirlak\AppData\Local\FluxSoftware 2015-05-17 01:22 - 2015-05-17 13:50 - 324003183 _____ C:\Users\Hirlak\Downloads\World.of.Warcraft3.3.5a.rar 2015-05-17 01:12 - 2015-05-17 01:12 - 00000000 ____D C:\Windows\system32\vbox 2015-05-17 01:02 - 2015-03-19 04:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-05-17 01:02 - 2015-03-19 04:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-17 00:59 - 2015-05-17 00:59 - 00000000 ____D C:\5470cae9f014433e6faddecb8e 2015-05-17 00:57 - 2015-05-17 00:57 - 00000000 ____D C:\Windows\CheckSur 2015-05-17 00:39 - 2015-05-17 00:39 - 00000000 ____D C:\Windows\system32\RTCOM 2015-05-17 00:38 - 2015-05-17 00:38 - 00000000 ____D C:\Program Files\Realtek 2015-05-17 00:38 - 2009-11-30 21:46 - 02795552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll 2015-05-17 00:38 - 2009-11-30 21:46 - 01538592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll 2015-05-17 00:38 - 2009-11-30 21:46 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl 2015-05-17 00:38 - 2009-11-30 21:46 - 00354848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll 2015-05-17 00:38 - 2009-11-30 21:46 - 00055328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll 2015-05-17 00:38 - 2009-11-30 21:32 - 02968480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys 2015-05-17 00:38 - 2009-11-24 10:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll 2015-05-17 00:38 - 2009-11-24 10:55 - 00185584 _____ (SRS Labs, Inc.) 
C:\Windows\system32\SRSTSHD.dll 2015-05-17 00:38 - 2009-11-24 10:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll 2015-05-17 00:38 - 2009-11-24 10:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll 2015-05-17 00:38 - 2009-11-19 14:45 - 00001352 _____ C:\Windows\system32\Drivers\RtHdatEx.dat 2015-05-17 00:38 - 2009-11-19 14:44 - 00231056 _____ C:\Windows\system32\Drivers\RTConvEQ.dat 2015-05-17 00:38 - 2009-11-18 19:42 - 01938704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll 2015-05-17 00:38 - 2009-11-18 19:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll 2015-05-17 00:38 - 2009-11-18 19:42 - 00311568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2015-05-17 00:38 - 2009-11-17 19:13 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll 2015-05-17 00:38 - 2009-11-17 19:10 - 00146336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll 2015-05-17 00:38 - 2009-11-13 16:16 - 00348160 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll 2015-05-17 00:38 - 2009-11-13 16:16 - 00165376 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll 2015-05-17 00:38 - 2009-11-13 16:16 - 00073216 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll 2015-05-17 00:38 - 2009-11-13 16:16 - 00059392 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll 2015-05-17 00:38 - 2009-10-30 19:56 - 00290816 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll 2015-05-17 00:38 - 2009-03-09 06:32 - 00290304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll 2015-05-17 00:38 - 2009-03-09 06:30 - 00290304 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RP3DAA32.dll 2015-05-17 00:38 - 2008-11-17 23:07 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX0.dat 2015-05-17 00:38 - 2008-08-21 13:43 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX2.dat 2015-05-17 00:38 - 2007-07-30 18:26 - 00126976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll 2015-05-17 00:38 - 2007-07-13 14:11 - 00000008 _____ C:\Windows\system32\Drivers\rtkhdaud.dat 2015-05-17 00:38 - 2005-06-27 05:29 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX1.dat 2015-05-17 00:37 - 2015-05-17 00:47 - 00000000 ___HD C:\Program Files\Temp 2015-05-17 00:37 - 2009-11-24 18:40 - 00838176 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll 2015-05-17 00:33 - 2015-06-03 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-05-17 00:25 - 2015-05-17 00:25 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-11 16:54 - 2014-05-13 21:28 - 01937124 _____ C:\Windows\WindowsUpdate.log
2015-06-11 16:54 - 2009-07-14 06:34 - 00010032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-11 16:54 - 2009-07-14 06:34 - 00010032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-11 16:42 - 2014-05-14 22:22 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-11 16:22 - 2014-05-20 00:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-11 16:00 - 2014-05-14 22:22 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 15:59 - 2014-05-20 11:17 - 00021948 _____ C:\Windows\setupact.log
2015-06-11 15:59 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-11 12:07 - 2009-07-14 06:53 - 00000000 ____D C:\Users\Administrator
2015-06-11 12:07 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-06-11 12:07 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-06-11 12:02 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-06-11 12:00 - 2014-05-14 15:10 - 00167720 _____ C:\Windows\PFRO.log
2015-06-11 11:58 - 2009-07-14 06:53 - 00028096 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-11 11:37 - 2014-05-20 01:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-11 11:36 - 2014-05-14 15:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 21:13 - 2014-05-20 00:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 21:13 - 2014-05-20 00:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 18:44 - 2014-05-14 22:22 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-03 16:38 - 2014-06-08 11:58 - 00000000 ____D C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-06-02 13:21 - 2014-05-13 21:31 - 06649824 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-02 13:21 - 2009-07-30 14:43 - 00679342 _____ C:\Windows\system32\prfh0816.dat
2015-06-02 13:21 - 2009-07-30 14:43 - 00133752 _____ C:\Windows\system32\prfc0816.dat
2015-06-02 13:21 - 2009-07-30 14:37 - 00691192 _____ C:\Windows\system32\perfh013.dat
2015-06-02 13:21 - 2009-07-30 14:37 - 00132940 _____ C:\Windows\system32\perfc013.dat
2015-06-02 13:21 - 2009-07-30 14:31 - 00689108 _____ C:\Windows\system32\perfh010.dat
2015-06-02 13:21 - 2009-07-30 14:31 - 00127144 _____ C:\Windows\system32\perfc010.dat
2015-06-02 13:07 - 2009-07-30 14:36 - 00000000 ____D C:\Windows\nl-NL
2015-06-01 19:56 - 2014-05-14 13:27 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-01 19:56 - 2014-05-14 13:27 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-01 19:56 - 2014-05-13 21:29 - 00001409 _____ C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-01 19:23 - 2009-07-14 04:04 - 00000580 _____ C:\Windows\win.ini
2015-05-31 21:37 - 2014-05-15 17:02 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-05-31 15:30 - 2009-07-14 06:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-31 15:30 - 2009-07-14 04:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-29 01:50 - 2014-05-15 17:02 - 00000265 _____ C:\Windows\Brownie.ini
2015-05-25 16:50 - 2014-05-13 21:29 - 00000000 ____D C:\Users\Hirlak
2015-05-24 11:32 - 2014-05-14 13:58 - 00111912 _____ C:\Users\Hirlak\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 21:13 - 2014-06-08 23:38 - 00000000 ____D C:\Users\Hirlak\AppData\Roaming\vlc
2015-05-19 12:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2015-05-18 00:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-17 15:08 - 2014-05-13 21:29 - 00000000 ____D C:\Users\Hirlak\AppData\Local\VirtualStore
2015-05-17 14:12 - 2009-07-14 06:33 - 00434472 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-17 14:06 - 2014-05-13 21:29 - 00000000 ___RD C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-17 13:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2015-05-17 13:03 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources
2015-05-17 09:48 - 2014-08-16 16:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-17 00:28 - 2014-05-14 15:14 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-17 00:28 - 2014-05-14 15:14 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-17 00:28 - 2014-05-14 14:01 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-17 00:24 - 2014-05-14 14:01 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys

==================== Files in the root of some directories =======

2014-06-14 03:31 - 2014-06-14 03:31 - 0000000 _____ () C:\Users\Hirlak\AppData\Local\{6375F0CF-D101-49E1-9C1E-B8798E87324D}

Some files in TEMP:
====================
C:\Users\Hirlak\AppData\Local\temp\Quarantine.exe
C:\Users\Hirlak\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-26 17:57

==================== End of log ============================

Addition Log
Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Hirlak at 2015-06-11 16:59:21
Running from C:\Users\Hirlak\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-717356552-2788057288-3721422200-500 - Administrator - Disabled)
Gast (S-1-5-21-717356552-2788057288-3721422200-501 - Limited - Disabled)
Hirlak (S-1-5-21-717356552-2788057288-3721422200-1000 - Administrator - Enabled) => C:\Users\Hirlak

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Bio Protection (HKLM\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition Update v1.9 (HKLM\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2015.1103 - Alps Electric)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Brother HL-2030 (HKLM\...\{550AC66D-DDF9-497E-A9C1-CD5E07E4B89B}) (Version: 1.00 - Brother)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Fingerprint Solution (Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM\...\Overwolf) (Version: 0.85.190.0 - Overwolf Ltd.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Smart Switch (HKLM\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.)
Smart Switch (Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.) Hidden
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================

16-08-2014 16:55:31 Windows Update
16-08-2014 17:35:08 Windows Update
19-08-2014 21:28:26 Windows Update
19-08-2014 22:47:31 Windows Update
01-11-2014 21:15:55 Windows Update
17-05-2015 01:11:52 Windows Update
17-05-2015 01:14:08 Windows Update
17-05-2015 09:52:39 Windows Update
17-05-2015 13:29:04 Installiert Fingerprint Solution
17-05-2015 20:19:32 Installiert Arc
18-05-2015 00:16:16 DirectX wurde installiert
18-05-2015 01:32:35 Windows Update
18-05-2015 14:19:22 Windows Update
18-05-2015 15:12:20 Windows Update
19-05-2015 03:00:27 Windows Update
20-05-2015 02:14:17 Windows Update
20-05-2015 16:25:16 Windows Update
20-05-2015 17:33:01 Windows Update
21-05-2015 21:19:44 Windows Update
22-05-2015 21:50:57 Windows Update
23-05-2015 13:24:47 Windows Update
23-05-2015 13:36:07 Windows Update
23-05-2015 23:23:04 Windows Update
25-05-2015 03:00:32 Windows Update
26-05-2015 16:14:21 Windows Update
28-05-2015 21:29:42 Windows Update
29-05-2015 10:29:24 Windows Update
29-05-2015 18:09:28 Windows Update
30-05-2015 20:09:22 Installed Company of Heroes.
31-05-2015 13:06:40 Windows Update
31-05-2015 15:29:40 Removed Company of Heroes.
31-05-2015 15:30:52 Installed System Requirements Lab Detection
31-05-2015 15:31:28 Removed System Requirements Lab Detection
31-05-2015 15:53:06 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
31-05-2015 21:36:51 Installed Smart Switch
01-06-2015 14:55:20 Windows Update
01-06-2015 19:15:01 Windows Defender Checkpoint
01-06-2015 22:19:00 Avira EU-Cleaner - 01.06.2015 22:18
02-06-2015 01:47:42 Avira EU-Cleaner - 02.06.2015 01:47
02-06-2015 01:49:58 Windows Update
02-06-2015 20:56:54 avast! antivirus system restore point
02-06-2015 21:02:33 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
02-06-2015 21:29:55 Windows Update
03-06-2015 13:42:09 avast! antivirus system restore point
03-06-2015 16:54:08 Windows Update
03-06-2015 21:19:48 Windows Update
04-06-2015 19:42:16 Windows Update
06-06-2015 16:28:05 Windows Update
07-06-2015 00:20:18 Windows Update
07-06-2015 21:33:06 Windows Update
08-06-2015 13:51:27 Windows Update
09-06-2015 11:12:04 Windows Update
09-06-2015 13:19:18 Windows Update
11-06-2015 11:35:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-06-11 12:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17C88663-29C7-4CE2-B95B-D4EAB37C606F} - System32\Tasks\{D92E80DA-D816-449E-A3D0-E390DCA4C4B6} => C:\Program Files\Arc\ArcLauncher.exe [2015-05-14] (Perfect World Entertainment)
Task: {1A6294EA-3520-4F02-B15F-74B211B32236} - System32\Tasks\{0565A558-930F-4598-B302-976A1088C681} => C:\Users\Hirlak\Desktop\RA2YR_PP\Red Alert 2 Yuri\Ra2.exe
Task: {1DB36057-9415-4DBC-8534-059860780178} - System32\Tasks\{FD379C6F-8E13-4327-B347-A1F85C832D30} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {2002D219-2472-42DD-93A7-940FE4777530} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2E5449B4-DC0A-47EB-BE7D-6955D5860F7A} - System32\Tasks\{0147B5F9-BAF8-4B8B-B93C-D19FAAB05197} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {30EAD7C4-E443-4A56-A423-617E450D62CF} - System32\Tasks\{4E045BF7-EAD6-4972-B9C9-565E6428E58B} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {47693646-21A7-4570-A65B-3F7403090B53} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {4A3FCC30-E5B2-4D1C-A54B-F5731C0C52EC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-17] (Avast Software s.r.o.)
Task: {4B1B9446-77D6-4867-B3BB-15042766BC01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {61F4F95C-C9AB-489D-9923-BEA4C9468A2C} - System32\Tasks\{AA8F20C5-B7A8-4D3B-AA47-5C7FC8890338} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {6EA17C32-5D64-4A03-ADA5-BEF661D29932} - System32\Tasks\{0070E565-2297-414E-9DB2-4BCD4D81499E} => pcalua.exe -a "C:\Users\Hirlak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3950YTVY\sp48616[1].exe" -d C:\Users\Hirlak\Desktop
Task: {7080C3C5-709B-415E-9A36-14BBA568174B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {7AA3EB6D-CC3F-4133-B984-B911C12A6B04} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {87704616-F57C-455C-805E-1F4F90E6F549} - System32\Tasks\{C0F2D471-763D-4CB9-9FD8-DDEA0CB7D0DA} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)
Task: {B0DD96D3-F5AB-41D7-A669-79BBC2B66101} - System32\Tasks\{367C39BB-4502-4B12-89C8-88EFADE3AFD4} => C:\Program Files\Arc\ArcLauncher.exe [2015-05-14] (Perfect World Entertainment)
Task: {B2FD02FE-3A0B-4A4E-9401-E83A2DB78DAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {E6EB5E94-FADC-480F-BD97-F18D0B976078} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {EBB1C099-F5DE-4BCD-B194-0F63A31B8E60} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2015-05-04] (Overwolf LTD)
Task: {F4EF1740-341B-4EAF-963B-1A84A663104A} - System32\Tasks\{8BB41017-69DF-4CBC-9762-C60EC0E2E963} => C:\Program Files\Age of Mythology Extended Edition\aomx.exe [2014-08-18] (Microsoft Corp)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-17 00:25 - 2015-05-17 00:25 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-17 00:25 - 2015-05-17 00:25 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-11 11:33 - 2015-06-11 11:33 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061100\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-17 00:26 - 2015-05-17 00:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-717356552-2788057288-3721422200-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hirlak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{1541042D-DF0A-489A-8903-2F8D79DF1B3B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E65120BC-CC3A-4935-9141-CE2B2ED8791A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9660E691-BC00-49D4-9302-5A3D164198E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{82CA37A6-A1EA-4D7F-9407-D39346C6FD1D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{1F196C8C-16F9-401A-AB12-9FAE92E1BA92}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{AA1ABAA8-64B7-47AF-8EDA-8207F0DB4FDD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{B20B6899-BA7D-4B8B-A7B8-6D6AE22D8F05}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{C33CC3E1-64E2-4FDB-A786-BEC7827422E4}C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe] => (Block) C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe FirewallRules: [UDP Query User{17BB6491-2C9A-46E9-9E21-45A5EC91C04F}C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe] => (Block) C:\users\hirlak\desktop\ra2yr_pp\red alert 2 yuri\game.exe FirewallRules: [TCP Query User{68A5E0F9-554D-40CA-8E8E-D4DEE8AA405A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{6C382865-15BB-4EEB-B739-2BCCE41E7BE8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{9289E566-DDD1-4C6C-A4B2-5633F7C185FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{0D5CAC28-AE85-484F-BEC1-E50DD0DB3BC4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{77C2AF3D-247B-458C-A507-95FB7B0AD061}] => (Allow) C:\Program 
Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{98F6072D-D3E2-4439-A53C-A5FDF14F2EEB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{999CB5B5-2E5B-4568-A6D4-69F9F5422DC3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{D376CDF9-2BEF-430D-836A-0E1B72B75BE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{D26D5821-A8DB-42AF-9E48-3F53C04CB9FE}C:\program files\neverwinter_de\neverwinter\live\gameclient.exe] => (Allow) C:\program files\neverwinter_de\neverwinter\live\gameclient.exe FirewallRules: [UDP Query User{6F609BED-C36F-46C2-8964-551B83E8B08F}C:\program files\neverwinter_de\neverwinter\live\gameclient.exe] => (Allow) C:\program files\neverwinter_de\neverwinter\live\gameclient.exe FirewallRules: [{D9177D33-391C-478F-BDDA-F898B0F8B92C}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe FirewallRules: [{3461EC8E-06F0-4F2E-980F-6730939D3C28}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe FirewallRules: [TCP Query User{6FA40102-7BA2-4F4C-B626-9B11A3A90607}C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe FirewallRules: [UDP Query User{545F64C9-C6C0-424A-A254-D6CDE9B74E28}C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\hirlak\desktop\teamspeak3-server_win32\ts3server_win32.exe FirewallRules: [{43FE6295-E86C-4A6E-94BA-9348623EB4E1}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{5D06BC0B-0B94-4E8E-A7A0-57DDF5E14814}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{ABF00F9D-121C-4EB4-B453-408B1620E5A2}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{1529CBAB-94A7-4E4E-939A-54A535A7BA75}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{CCF8D40A-E13E-4EA7-8976-4D90D372C5BA}] => (Allow) 
C:\Users\Hirlak\AppData\Local\Chromatic\Application\chromatic.exe FirewallRules: [{97DF4E3C-E410-4076-BBE5-B0D44EF972FF}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Application\chromatic.exe FirewallRules: [{6C56684B-AF79-4198-AA66-00BC4CC6492E}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe FirewallRules: [{5A4510F4-2A72-469E-A792-F9D8741233CB}] => (Allow) C:\Users\Hirlak\AppData\Local\Chromatic\Utils\Updater.exe FirewallRules: [{92D2858E-AF12-49E9-9412-C10857092377}] => (Allow) C:\Users\Hirlak\AppData\Local\wd\wd.exe FirewallRules: [{228497AD-67C7-4A60-BB7E-4BA561961A84}] => (Allow) C:\Users\Hirlak\AppData\Local\wd\wd.exe FirewallRules: [{BA8FAA25-51F0-4963-9F77-18310BB2C6B6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{F9CD98EF-C333-4FC8-890A-48228A023591}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{C6AFB504-758C-4486-A6CC-2DC4E8EB8F1A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/11/2015 04:00:51 PM) (Source: ESENT) (EventID: 439) (User: ) Description: Windows (3924) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk konnte nicht geschrieben werden. Fehler -1032. Error: (06/11/2015 04:00:51 PM) (Source: ESENT) (EventID: 490) (User: ) Description: Windows (3924) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (06/11/2015 11:57:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_ProfSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00200072 ID des fehlerhaften Prozesses: 0x430 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_ProfSvc0 Pfad der fehlerhaften Anwendung: svchost.exe_ProfSvc1 Pfad des fehlerhaften Moduls: svchost.exe_ProfSvc2 Berichtskennung: svchost.exe_ProfSvc3 Error: (06/11/2015 11:41:08 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (06/10/2015 08:43:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (06/09/2015 09:19:54 PM) (Source: OverwolfUpdater) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
Das Handle ist ungültig Error: (06/09/2015 07:59:09 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1252750 Error: (06/09/2015 07:59:08 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1252750 Error: (06/09/2015 07:59:08 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/09/2015 07:38:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12885 System errors: ============= Error: (06/11/2015 04:55:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/11/2015 04:54:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/11/2015 04:54:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/11/2015 04:54:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/11/2015 04:54:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/11/2015 04:54:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "EgisTec Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert. Error: (06/11/2015 04:54:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/11/2015 04:54:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/11/2015 04:54:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/11/2015 04:54:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office: ========================= Error: (06/11/2015 04:00:51 PM) (Source: ESENT) (EventID: 439) (User: ) Description: Windows3924Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 Error: (06/11/2015 04:00:51 PM) (Source: ESENT) (EventID: 490) (User: ) Description: Windows3924Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (06/11/2015 11:57:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_ProfSvc6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050020007243001d0a4294b7ede84C:\Windows\system32\svchost.exeunknown54f9878f-1020-11e5-8b02-fd36a7a44bf4 Error: (06/11/2015 11:41:08 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (06/10/2015 08:43:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (06/09/2015 09:19:54 PM) (Source: OverwolfUpdater) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (06/09/2015 07:59:09 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1252750 Error: (06/09/2015 07:59:08 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1252750 Error: (06/09/2015 07:59:08 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/09/2015 07:38:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12885 CodeIntegrity Errors: =================================== Date: 2015-06-03 14:16:52.478 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-03 14:10:41.687 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-06-01 21:25:17.237 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-01 19:25:57.374 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-01 19:25:57.190 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-01 19:25:21.453 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-01 19:25:21.301 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-01 19:24:34.669 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-01 19:24:34.498 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-01 19:24:01.722 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz Percentage of memory in use: 30% Total physical RAM: 3066.84 MB Available physical RAM: 2122.71 MB Total Pagefile: 6131.96 MB Available Pagefile: 5172.58 MB Total Virtual: 2047.88 MB Available Virtual: 1905.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:280.79 GB) (Free:115.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.27 GB) NTFS Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:4.11 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 064EC92B) Partition 1: (Not Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=280.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ==================== End of log ============================ |
11.06.2015, 21:53 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop is being visited by "Outbound" FRST Fix Please disable your virus scanner completely now, to make sure the fix runs through cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\Users\Hirlak\AppData\Local\{6375F0CF-D101-49E1-9C1E-B8798E87324D}
C:\Users\Hirlak\Downloads\738fc9e4b1b2a46334534975bd254f79.rar
C:\Users\Hirlak\Downloads\Detection.msi
C:\Users\Hirlak\Downloads\9052.nzb.gz
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
12.06.2015, 22:58 | #11 |
| My laptop is being visited by "Outbound" FRST fix log: Code:
Fix result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Hirlak at 2015-06-12 23:34:27 Run:1
Running from C:\Users\Hirlak\Desktop
Loaded Profiles: Hirlak (Available Profiles: Hirlak)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-717356552-2788057288-3721422200-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\Users\Hirlak\AppData\Local\{6375F0CF-D101-49E1-9C1E-B8798E87324D}
C:\Users\Hirlak\Downloads\738fc9e4b1b2a46334534975bd254f79.rar
C:\Users\Hirlak\Downloads\Detection.msi
C:\Users\Hirlak\Downloads\9052.nzb.gz
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-717356552-2788057288-3721422200-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Hirlak\AppData\Local\{6375F0CF-D101-49E1-9C1E-B8798E87324D} => moved successfully.
C:\Users\Hirlak\Downloads\738fc9e4b1b2a46334534975bd254f79.rar => moved successfully.
C:\Users\Hirlak\Downloads\Detection.msi => moved successfully.
C:\Users\Hirlak\Downloads\9052.nzb.gz => moved successfully.
EmptyTemp: => 789.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 23:35:37 ====
12.06.2015, 23:12 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop is being visited by "Outbound" Okay, then control scans with ESET and SC please: ESET Online Scanner
Please download SecurityCheck and:
__________________ Please always post log files in CODE tags |
06.07.2015, 01:26 | #13 |
| My laptop is being visited by "Outbound" ESET Online Scanner log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=init
# utc_time=2015-06-14 08:47:51
# local_time=2015-06-14 10:47:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24326
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=updated
# utc_time=2015-06-14 08:49:42
# local_time=2015-06-14 10:49:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=restart
# utc_time=2015-06-14 09:08:32
# local_time=2015-06-14 11:08:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 97 983552 34247268 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 170176 185947303 0 0
# scanned=82525
# found=0
# cleaned=0
# scan_time=1130
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=init
# utc_time=2015-07-04 11:10:07
# local_time=2015-07-05 01:10:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24644
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=updated
# utc_time=2015-07-04 11:12:03
# local_time=2015-07-05 01:12:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# engine=24644
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-04 11:22:37
# local_time=2015-07-05 01:22:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 97 1408085 35983313 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1906221 187683348 0 0
# scanned=72974
# found=0
# cleaned=0
# scan_time=633
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=init
# utc_time=2015-07-04 11:23:40
# local_time=2015-07-05 01:23:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 24644
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=updated
# utc_time=2015-07-04 11:24:13
# local_time=2015-07-05 01:24:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# engine=24644
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-05 12:15:53
# local_time=2015-07-05 02:15:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 97 1454481 36029709 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1952617 187729744 0 0
# scanned=158253
# found=1
# cleaned=0
# scan_time=46300
sh=7669F3D56E0CD22381C7EACE00B9D3B1DD41BF07 ft=1 fh=fc296988becdd3eb vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hirlak\Downloads\Core-Temp-installer.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=init
# utc_time=2015-07-05 12:16:45
# local_time=2015-07-05 02:16:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24647
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=updated
# utc_time=2015-07-05 12:18:38
# local_time=2015-07-05 02:18:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# engine=24647
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-05 01:31:31
# local_time=2015-07-05 03:31:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 97 1459019 36034247 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1957155 187734282 0 0
# scanned=110295
# found=1
# cleaned=0
# scan_time=4372
sh=7669F3D56E0CD22381C7EACE00B9D3B1DD41BF07 ft=1 fh=fc296988becdd3eb vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hirlak\Downloads\Core-Temp-installer.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=init
# utc_time=2015-07-05 11:20:25
# local_time=2015-07-06 01:20:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24653
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# end=updated
# utc_time=2015-07-05 11:21:35
# local_time=2015-07-06 01:21:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=293278560f4c0c48923829f3f239b32d
# engine=24653
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-06 12:13:56
# local_time=2015-07-06 02:13:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 97 1497564 36072792 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1995700 187772827 0 0
# scanned=250080
# found=1
# cleaned=1
# scan_time=3140
sh=7669F3D56E0CD22381C7EACE00B9D3B1DD41BF07 ft=1 fh=fc296988becdd3eb vn="Win32/Somoto.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Hirlak\Downloads\Core-Temp-installer.exe"

SecurityCheck Log: Code:
Results of screen317's Security Check version 1.004
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.190 Flash Player out of Date!
Mozilla Firefox (38.0.1)
Google Chrome (43.0.2357.124)
Google Chrome (43.0.2357.130)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
06.07.2015, 07:57 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop is being visited by "Outbound" FRST Fix Please disable your virus scanner completely now, to make sure the fix runs through cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Users\Hirlak\Downloads\Core-Temp-installer.exe
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
07.07.2015, 11:16 | #15 |
| My laptop is being visited by "Outbound" FRST log: Code:
Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by Hirlak at 2015-07-07 12:10:13 Run:2
Running from C:\Users\Hirlak\Desktop
Loaded Profiles: Hirlak (Available Profiles: Hirlak)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Hirlak\Downloads\Core-Temp-installer.exe EmptyTemp:
*****************

"C:\Users\Hirlak\Downloads\Core-Temp-installer.exe EmptyTemp:" => File/Folder not found.

==== End of Fixlog 12:10:13 ====
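A triage helper for the two Fixlogs posted in this thread, added here as an example (it is not code from the thread or from FRST): it classifies each result line and flags a "not found" target that still has a stand-alone directive attached to its end, which is what the second run's log shows. The function names, status labels and directive list are assumptions of this example; the sample logs are the thread's own entries with the header lines left out.

```python
import re

# Directives that stand on their own fixlist line. Assumption of this example:
# only the one used in this thread is listed.
STANDALONE_DIRECTIVES = ("EmptyTemp:",)
# A Fixlog echoes the fixlist between two rows of asterisks; results follow.
ECHO_MARKER = re.compile(r"^\*{5,}$")

# Constructed samples: result sections of the two Fixlogs in the thread.
RUN1_LOG = r"""fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\Users\Hirlak\Downloads\Detection.msi
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-717356552-2788057288-3721422200-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Hirlak\AppData\Local\{6375F0CF-D101-49E1-9C1E-B8798E87324D} => moved successfully.
C:\Users\Hirlak\Downloads\738fc9e4b1b2a46334534975bd254f79.rar => moved successfully.
C:\Users\Hirlak\Downloads\Detection.msi => moved successfully.
C:\Users\Hirlak\Downloads\9052.nzb.gz => moved successfully.
EmptyTemp: => 789.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 23:35:37 ====
"""

RUN2_LOG = r"""fixlist content:
*****************
C:\Users\Hirlak\Downloads\Core-Temp-installer.exe EmptyTemp:
*****************

"C:\Users\Hirlak\Downloads\Core-Temp-installer.exe EmptyTemp:" => File/Folder not found.

==== End of Fixlog 12:10:13 ====
"""


def classify(outcome):
    """Map the free-text outcome after '=>' to a coarse status label."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if text.startswith("error"):
        return "error"
    if "successfully" in text or "removed" in text:
        return "ok"
    return "other"


def split_merged(target):
    """Return [path, directive] when a directive is glued to a target's end."""
    for directive in STANDALONE_DIRECTIVES:
        if target != directive and target.endswith(" " + directive):
            return [target[: -len(directive)].rstrip(), directive]
    return []


def parse_fixlog(text):
    """Parse the result lines that follow the echoed fixlist."""
    results, markers = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_MARKER.match(line):
            markers += 1
            continue
        if markers < 2 or line.startswith("===="):
            continue  # still inside header/echo, or a separator line
        # Split on the last ' => ' so '<=======' inside a target is harmless.
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue  # free text such as "The system needed a reboot."
        target = target.strip().strip('"')
        results.append({
            "target": target,
            "outcome": outcome,
            "status": classify(outcome),
            "merged": split_merged(target),
        })
    return results


def needs_followup(results):
    """Entries that were not fixed and should be looked at again."""
    return [r for r in results if r["status"] != "ok"]


if __name__ == "__main__":
    for name, log in (("run 1", RUN1_LOG), ("run 2", RUN2_LOG)):
        for entry in needs_followup(parse_fixlog(log)):
            print(name, entry["status"], entry["target"])
            if entry["merged"]:
                print("  two fixlist lines were read as one:", entry["merged"])
```
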