
Log analysis and evaluation: GPU load permanently at 98% -> elevated graphics card temperature

28.05.2014, 21:06   #1
SilentDeath
 



Hello dear community,

I am still very new to this forum and must admit that I don't know all that much.
Still, I would like to thank in advance everyone who takes on my problem.

First, something about my system:

Mainboard: Asus M4N68T-M
Processor: AMD Phenom II X4 965 Black Edition (3.4 GHz)
RAM: 2x 4GB
Graphics card: ATI Radeon Sapphire HD5830 Xtreme (1GB)
Hard drive(s):
1 X WDC WD30EZRS (3TB) ;
1 X WDC WD5000AADS (0.5TB) ;
1 X Samsung HD103SJ (1TB)
Operating system: Windows 7 Ultimate 64 Bit
Antivirus: Norton Internet Security 2014

Next, my problems:
For quite some time I have had the problem that my PC takes very long to boot completely (from login until all programs are fully loaded).
Then I have the problem that many games (including older games) such as NFS The Run, CoD BlackOps, Prototype 2 etc. only run smoothly when I turn the graphics down to the minimum.
And my main problem:
As soon as the PC has booted, the GPU load goes to 98-99%.
Without my starting any program. Even when I disconnect the internet connection, the problem persists.

My attempts at a solution:

I had Norton run a full system scan and several drive and folder scans.
Various problems were reported, mainly trainers or cracks for games (at this point I'd rather say it right away: shame on me. I deleted everything I could), but also a number of messages such as: heuristic, malware, attack attempt from outside (or similar) -> all of which, according to Norton, were fixed or deleted.
Unfortunately I neglected to save the logs, otherwise I would have attached them here.
Unfortunately it takes almost a day for Norton to scan my entire system (4.5 TB). Otherwise I would have done that again.
I also used CCleaner to delete all histories, temp files etc. and had the registry cleaned.

Next I searched the internet for similar problems and found that it is a problem many people have.
Most of the suggested solutions involved: renewing the graphics card driver (downgrade or update).
I tried that too -> first removed the drivers -> then installed the ones from the supplied DVD -> unfortunately without success.
Then I downloaded the newest driver -> with the same result.

I read out the GPU load with the ATI Catalyst and with MSI's Afterburner -> same result (98-99% at idle).

Then by chance I stumbled across a post here in the forum. It was about a similar problem with a virus that passed itself off as a file named "SVCHOST".
I then looked in Task Manager for which of the 18 files named "SVCHOST" had the highest spike in CPU load (simply because I was at a loss) -> found one -> ended the process, and suddenly my GPU load was at 0%.

After a restart the problem was back and I tried to locate the file -> unfortunately without success (path: System32, and I don't just go deleting things wildly in there - it usually doesn't help anyway).

In any case I tried to stick to the procedure specified here and worked through the steps (as well as I could).

1. Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:58 on 28/05/2014 (Devil)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
2. FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Devil (administrator) on NEO on 28-05-2014 20:10:46
Running from D:\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrDba.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrSaz.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrAuf.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
() C:\Windows\Temp\svchost.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(OCS) C:\Users\Devil\AppData\Local\Temp\OCS\ocs_v71b.exe
(Trend Micro Inc.) C:\Users\Devil\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [411864 2010-03-05] (DeviceVM, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1033395003-4163772576-2144622384-1000\...\Run: [Google Update] => C:\Users\Devil\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-27] (Google Inc.)
HKU\S-1-5-21-1033395003-4163772576-2144622384-1000\...\MountPoints2: I - I:\USBAutoRun.exe
HKU\S-1-5-21-1033395003-4163772576-2144622384-1000\...\MountPoints2: L - L:\USBAutoRun.exe
HKU\S-1-5-21-1033395003-4163772576-2144622384-1000\...\MountPoints2: {e6d2cde0-9d86-11e3-9221-806e6f6e6963} - I:\USBAutoRun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {F0F228EA-94F0-4EDC-862B-9077FF306370} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN63439897524308264&UM=2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=E8B400FF09724650
SearchScopes: HKCU - {A1DABF90-F83C-4a5a-8000-514E06654FA7} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=19&gct=sb&qsrc=2869
SearchScopes: HKCU - {C3EA6126-6E4F-4d88-978E-291625E6B2A1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKCU - {F0F228EA-94F0-4EDC-862B-9077FF306370} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN63439897524308264&UM=2
BHO: Lucky Savings WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Drop Pad Web Backup - {25DA541F-6ACF-4052-A8AA-1D58284729C7} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} -  No File
Toolbar: HKLM - Lucky Savings Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\Program Files (x86)\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default
FF DefaultSearchEngine: Freemium DE Customized Web Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Devil\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Devil\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\claro.xml
FF SearchPlugin: C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\Extensions\admin@proxy-listen.de.xpi [2013-02-12]
FF Extension: Adblock Plus - C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-19]
FF HKLM\...\Firefox\Extensions: [{FEFE89E5-A43F-4f4b-8211-B11D91D02135}] - C:\Program Files\CoolPic - Fun Social Pictures\Firefox
FF HKLM\...\Firefox\Extensions: [{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}] - C:\Program Files\WBC Engine\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-14]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: https://www.google.de/
CHR StartupUrls: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (phonostar Detector) - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
CHR Plugin: (Google Update) - C:\Users\Devil\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Adblock Plus) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-28]
CHR Extension: (AdBlock) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-28]
CHR Extension: (Google Wallet) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKCU\...\Chrome\Extension: [jopemfhojpebdeollanchfjhpbkcijoi] - C:\Users\Devil\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx [2013-12-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-25]
CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx [2013-01-10]
CHR HKLM-x32\...\Chrome\Extension: [hacjidbllfnlecmikihhjphlicpbepih] - C:\Program Files (x86)\Strongvault Online Backup\DropPad.crx [2013-01-10]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn10.crx [2012-11-14]
CHR HKLM-x32\...\Chrome\Extension: [jopemfhojpebdeollanchfjhpbkcijoi] - C:\Users\Devil\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx [2013-12-10]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Devil\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-24]
CHR HKLM-x32\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files (x86)\SockshareDownloader\SockshareDownloader10.crx [2014-05-24]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx [2012-08-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 LcSvrAdm; D:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-12-06] (Volkswagen AG)
R3 LcSvrAuf; D:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG)
R2 LcSvrDba; D:\ElsaWin\bin\LcSvrDba.exe [392704 2011-12-06] (Volkswagen AG)
R2 LcSvrHis; D:\ElsaWin\bin\LcSvrHis.exe [335360 2011-12-06] (Volkswagen AG)
R2 LcSvrPAS; D:\ElsaWin\bin\LcSvrPas.exe [477696 2011-12-06] (Volkswagen AG)
R2 LcSvrSaz; D:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-12-06] (Volkswagen AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-10-29] ()
S4 S3DSvc32; C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [360960 2010-10-25] (iZ3D Inc.)
S4 S3DSvc64; C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [480768 2010-10-25] (iZ3D Inc.)
S4 TorchCrashHandler; C:\Users\Devil\AppData\Local\Torch\Update\TorchCrashHandler.exe [1213448 2013-11-04] (TorchMedia Inc.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [63872 2006-10-29] (Broadcom Corporation.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140527.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 iZ3DInjectionDriver; C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [43704 2010-10-06] ()
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140527.016\ENG64.SYS [126040 2014-04-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140527.016\EX64.SYS [2099288 2014-04-29] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-24] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 usbaudio; C:\Windows\SysWOW64\drivers\usbaudio.sys [39840 1998-08-21] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [53960 2011-01-13] (usb camera)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 zonescreen; C:\Windows\System32\DRIVERS\zsport.sys [12024 2010-10-31] (ZoneOS)
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S3 btwhid; system32\DRIVERS\btwhid.sys [X]
S3 btwmodem; system32\DRIVERS\btwmodem.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 EIO64; system32\DRIVERS\EIO64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 20:10 - 2014-05-28 20:10 - 00000000 ____D () C:\FRST
2014-05-28 20:05 - 2014-05-28 20:05 - 00013330 _____ () C:\Users\Devil\Desktop\Defogger.lnk
2014-05-28 19:59 - 2014-05-28 20:00 - 00000448 _____ () C:\Windows\setupact.log
2014-05-28 19:59 - 2014-05-28 19:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 19:58 - 2014-05-28 19:58 - 00000188 _____ () C:\Users\Devil\defogger_reenable
2014-05-27 23:58 - 2014-05-27 23:58 - 09591606 _____ () C:\Users\Devil\Downloads\Windows6.1-KB958559-x86.msu
2014-05-27 23:20 - 2014-05-27 23:20 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 23:17 - 2014-05-27 23:17 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201405272317260220.log
2014-05-27 23:17 - 2014-05-27 23:17 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-27 23:14 - 2014-05-27 23:14 - 00000000 ____D () C:\Program Files\AMD
2014-05-27 23:13 - 2014-04-18 04:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-05-27 23:13 - 2014-04-18 04:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-05-27 23:13 - 2014-04-18 04:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-05-27 23:13 - 2014-04-18 04:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 08010968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 07520200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 06799688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 00117584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 00099520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-05-27 23:13 - 2014-04-18 04:39 - 00274656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-05-27 23:13 - 2014-04-18 04:36 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-05-27 23:13 - 2014-04-18 04:23 - 00231424 _____ () C:\Windows\system32\clinfo.exe
2014-05-27 23:13 - 2014-04-18 04:22 - 28685824 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-05-27 23:13 - 2014-04-18 04:17 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-27 23:13 - 2014-04-18 04:13 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-05-27 23:13 - 2014-04-18 04:13 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-05-27 23:13 - 2014-04-18 04:12 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-05-27 23:13 - 2014-04-18 04:12 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-05-27 23:13 - 2014-04-18 03:58 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-05-27 23:13 - 2014-04-18 03:51 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00580816 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-05-27 23:13 - 2014-04-18 03:46 - 00580816 _____ () C:\Windows\system32\atiapfxx.blb
2014-05-27 23:13 - 2014-04-18 03:46 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-05-27 23:13 - 2014-04-18 03:46 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-05-27 23:13 - 2014-04-18 03:45 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-05-27 23:13 - 2014-04-18 03:45 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-05-27 23:13 - 2014-04-18 03:42 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-05-27 23:13 - 2014-04-18 03:33 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-05-27 23:13 - 2014-04-18 03:33 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-05-27 23:13 - 2014-04-18 03:30 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-05-27 23:13 - 2014-04-18 03:30 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-05-27 23:13 - 2014-04-18 03:29 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-05-27 23:13 - 2014-04-18 03:29 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-05-27 23:13 - 2014-04-18 03:28 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-05-27 23:13 - 2014-04-18 03:28 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-05-27 23:13 - 2014-04-18 03:21 - 00806912 _____ (AMD) C:\Windows\system32\coinst_14.100.dll
2014-05-27 23:13 - 2014-04-18 03:17 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-05-27 23:13 - 2014-04-18 03:09 - 01177600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-05-27 23:13 - 2014-04-18 03:07 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-05-27 23:13 - 2014-04-18 03:04 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-05-27 23:13 - 2014-04-10 19:58 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-05-27 23:13 - 2014-04-01 00:06 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-05-27 23:13 - 2014-04-01 00:04 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-05-27 23:13 - 2014-02-06 17:45 - 00134192 _____ () C:\Windows\system32\ativce03.dat
2014-05-27 23:13 - 2014-01-16 19:00 - 00273712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-05-27 23:13 - 2014-01-16 18:59 - 00275124 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-05-27 23:13 - 2014-01-16 10:34 - 00723841 _____ () C:\Windows\system32\atiicdxx.dat
2014-05-27 23:13 - 2013-12-19 18:45 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-05-27 23:13 - 2013-12-19 18:44 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Sapphire TRIXX
2014-05-27 22:45 - 2014-05-27 22:46 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-27 22:45 - 2014-05-27 22:45 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-05-27 21:20 - 2014-05-27 21:20 - 00000007 _____ () C:\Users\Devil\SeatPW.txt
2014-05-25 11:09 - 2014-05-25 11:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL8FB2.tmp
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL7FE8.tmp
2014-05-16 23:35 - 2014-05-16 23:35 - 00000130 _____ () C:\Users\Devil\Documents\Jochen TT.txt
2014-05-12 21:43 - 2014-05-12 21:43 - 00030208 _____ () C:\devdll.dll
2014-05-10 11:13 - 2014-05-10 11:13 - 00007595 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.cl
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.log
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75AC.tmp
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL756D.tmp
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-05-05 22:25 - 2014-05-06 18:41 - 00000000 ____D () C:\Users\Devil\AppData\Local\Akamai
2014-05-05 22:25 - 2014-05-05 22:25 - 00000000 ____D () C:\AeriaGames
2014-05-04 00:21 - 2014-05-16 19:57 - 00000603 _____ () C:\Users\Devil\Documents\SeatTeile.txt
2014-05-02 19:58 - 2014-05-02 19:58 - 00000044 _____ () C:\Users\Devil\Documents\RalfKonto1.txt
2014-05-01 22:32 - 2014-05-01 22:32 - 00000000 ____D () C:\Users\Devil\Documents\Alcohol 120%
2014-04-29 20:01 - 2014-04-29 20:04 - 00003608 _____ () C:\Users\Devil\logSequencer.log
2014-04-29 20:00 - 2014-05-27 23:08 - 00000000 ____D () C:\Users\Devil\GLUCOFACTS Deluxe
2014-04-28 22:16 - 2014-05-06 18:34 - 00000000 ____D () C:\Keule306

==================== One Month Modified Files and Folders =======

2056-04-24 22:17 - 2014-03-25 23:02 - 00004096 _____ () C:\Users\Public\Documents\0000319C.LCS
2056-04-24 22:17 - 2014-03-25 23:00 - 00000000 ____D () C:\WDIGIPET
2015-08-01 19:43 - 2014-03-26 00:14 - 00000368 _____ () C:\Users\Devil\Documents\ax_files.xml
2015-08-01 19:43 - 2013-10-27 20:58 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{72B68498-F2A6-46D9-BBFA-FB3ABA89363F}
2014-05-28 20:10 - 2014-05-28 20:10 - 00000000 ____D () C:\FRST
2014-05-28 20:05 - 2014-05-28 20:05 - 00013330 _____ () C:\Users\Devil\Desktop\Defogger.lnk
2014-05-28 20:05 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 20:05 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 20:04 - 2012-08-26 16:38 - 01764895 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 20:00 - 2014-05-28 19:59 - 00000448 _____ () C:\Windows\setupact.log
2014-05-28 20:00 - 2014-04-25 22:24 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 20:00 - 2013-02-21 02:06 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-05-28 19:59 - 2014-05-28 19:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 19:59 - 2014-02-20 23:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-28 19:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 19:58 - 2014-05-28 19:58 - 00000188 _____ () C:\Users\Devil\defogger_reenable
2014-05-28 19:58 - 2012-08-26 16:47 - 00000000 ____D () C:\Users\Devil
2014-05-28 19:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-05-28 19:41 - 2012-09-27 15:39 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000UA.job
2014-05-28 19:41 - 2012-09-27 15:39 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000Core.job
2014-05-28 19:37 - 2012-10-20 13:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 19:36 - 2014-04-25 22:24 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 19:26 - 2012-08-26 20:24 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\DAEMON Tools Lite
2014-05-28 19:25 - 2012-08-26 19:37 - 00000000 ____D () C:\Users\Devil\AppData\Local\CrashDumps
2014-05-28 00:04 - 2013-04-24 21:56 - 00000344 _____ () C:\Windows\ODBC.INI
2014-05-27 23:58 - 2014-05-27 23:58 - 09591606 _____ () C:\Users\Devil\Downloads\Windows6.1-KB958559-x86.msu
2014-05-27 23:38 - 2012-09-12 20:18 - 00524288 ___SH () C:\Users\Devil\Thumbs.db
2014-05-27 23:24 - 2012-08-26 20:07 - 00000000 ___RD () C:\Users\Devil\Desktop\Programme
2014-05-27 23:20 - 2014-05-27 23:20 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 23:20 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 23:17 - 2014-05-27 23:17 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201405272317260220.log
2014-05-27 23:17 - 2014-05-27 23:17 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-27 23:17 - 2012-08-26 17:19 - 00000000 ____D () C:\ProgramData\AMD
2014-05-27 23:16 - 2012-08-26 17:17 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-27 23:14 - 2014-05-27 23:14 - 00000000 ____D () C:\Program Files\AMD
2014-05-27 23:08 - 2014-04-29 20:00 - 00000000 ____D () C:\Users\Devil\GLUCOFACTS Deluxe
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Sapphire TRIXX
2014-05-27 22:48 - 2012-09-07 18:45 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-27 22:46 - 2014-05-27 22:45 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-27 22:45 - 2014-05-27 22:45 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-05-27 21:20 - 2014-05-27 21:20 - 00000007 _____ () C:\Users\Devil\SeatPW.txt
2014-05-27 17:52 - 2012-08-26 22:39 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-05-27 17:34 - 2012-08-30 23:10 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\vlc
2014-05-27 13:31 - 2013-07-31 19:06 - 00000000 ___RD () C:\Users\Devil\Desktop\Software
2014-05-27 01:29 - 2014-02-15 21:37 - 00000000 ____D () C:\Program Files (x86)\Bridge Building Game
2014-05-26 20:07 - 2009-08-25 20:32 - 00666448 _____ () C:\Windows\system32\perfh01D.dat
2014-05-26 20:07 - 2009-08-25 20:32 - 00147772 _____ () C:\Windows\system32\perfc01D.dat
2014-05-26 20:07 - 2009-08-25 19:41 - 00728092 _____ () C:\Windows\system32\perfh019.dat
2014-05-26 20:07 - 2009-08-25 19:41 - 00156268 _____ () C:\Windows\system32\perfc019.dat
2014-05-26 20:07 - 2009-08-25 19:33 - 00747838 _____ () C:\Windows\system32\perfh013.dat
2014-05-26 20:07 - 2009-08-25 19:33 - 00158702 _____ () C:\Windows\system32\perfc013.dat
2014-05-26 20:07 - 2009-08-25 19:25 - 00497186 _____ () C:\Windows\system32\perfh014.dat
2014-05-26 20:07 - 2009-08-25 19:25 - 00100410 _____ () C:\Windows\system32\perfc014.dat
2014-05-26 20:07 - 2009-08-25 19:18 - 00744652 _____ () C:\Windows\system32\perfh010.dat
2014-05-26 20:07 - 2009-08-25 19:18 - 00152658 _____ () C:\Windows\system32\perfc010.dat
2014-05-26 20:07 - 2009-08-25 19:09 - 00749858 _____ () C:\Windows\system32\perfh00C.dat
2014-05-26 20:07 - 2009-08-25 19:09 - 00155216 _____ () C:\Windows\system32\perfc00C.dat
2014-05-26 20:07 - 2009-08-25 19:01 - 00484696 _____ () C:\Windows\system32\perfh00B.dat
2014-05-26 20:07 - 2009-08-25 19:01 - 00107284 _____ () C:\Windows\system32\perfc00B.dat
2014-05-26 20:07 - 2009-08-25 18:54 - 00749602 _____ () C:\Windows\system32\perfh00A.dat
2014-05-26 20:07 - 2009-08-25 18:54 - 00164930 _____ () C:\Windows\system32\perfc00A.dat
2014-05-26 20:07 - 2009-08-25 18:46 - 00712886 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 20:07 - 2009-08-25 18:46 - 00155216 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 20:07 - 2009-08-25 18:38 - 00512432 _____ () C:\Windows\system32\perfh006.dat
2014-05-26 20:07 - 2009-08-25 18:38 - 00104394 _____ () C:\Windows\system32\perfc006.dat
2014-05-26 20:07 - 2009-07-14 07:13 - 08781340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 19:38 - 2012-08-26 20:07 - 00000000 ___RD () C:\Users\Devil\Desktop\Games
2014-05-25 11:09 - 2014-05-25 11:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL8FB2.tmp
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL7FE8.tmp
2014-05-24 23:24 - 2014-03-29 19:59 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-24 23:24 - 2013-11-14 20:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-24 23:24 - 2013-04-23 18:54 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-23 22:16 - 2012-11-07 20:16 - 05581312 ___SH () C:\Users\Devil\Desktop\Thumbs.db
2014-05-23 17:13 - 2013-07-15 19:39 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-23 17:13 - 2012-08-30 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-23 17:12 - 2012-08-30 22:06 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\DVDVideoSoft
2014-05-17 17:32 - 2013-04-25 15:17 - 00000056 _____ () C:\Windows\Acroread.ini
2014-05-16 23:35 - 2014-05-16 23:35 - 00000130 _____ () C:\Users\Devil\Documents\Jochen TT.txt
2014-05-16 19:57 - 2014-05-04 00:21 - 00000603 _____ () C:\Users\Devil\Documents\SeatTeile.txt
2014-05-12 21:43 - 2014-05-12 21:43 - 00030208 _____ () C:\devdll.dll
2014-05-10 11:13 - 2014-05-10 11:13 - 00007595 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.cl
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.log
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75AC.tmp
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL756D.tmp
2014-05-08 19:36 - 2012-09-27 15:39 - 00004094 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000UA
2014-05-08 19:36 - 2012-09-27 15:39 - 00003698 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000Core
2014-05-06 18:41 - 2014-05-05 22:25 - 00000000 ____D () C:\Users\Devil\AppData\Local\Akamai
2014-05-06 18:34 - 2014-04-28 22:16 - 00000000 ____D () C:\Keule306
2014-05-06 17:31 - 2014-04-25 22:24 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 17:31 - 2014-04-25 22:24 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 22:46 - 2013-01-21 18:32 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-05-05 22:43 - 2013-04-24 14:51 - 00000000 __SHD () C:\AI_RecycleBin
2014-05-05 22:43 - 2013-01-21 18:29 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-05 22:25 - 2014-05-05 22:25 - 00000000 ____D () C:\AeriaGames
2014-05-02 19:58 - 2014-05-02 19:58 - 00000044 _____ () C:\Users\Devil\Documents\RalfKonto1.txt
2014-05-01 22:32 - 2014-05-01 22:32 - 00000000 ____D () C:\Users\Devil\Documents\Alcohol 120%
2014-04-30 00:03 - 2013-11-16 00:05 - 00000000 ____D () C:\Users\Devil\bitches
2014-04-29 20:04 - 2014-04-29 20:01 - 00003608 _____ () C:\Users\Devil\logSequencer.log

Files to move or delete:
====================
C:\Users\Devil\AppData\Roaming\CamLayout.ini
C:\Users\Devil\AppData\Roaming\CamShapes.ini
C:\Users\Devil\Monopoly3Setup.exe
C:\Users\Devil\scroll_app_smart_4.00.33.exe
C:\Users\Devil\setpoint6.61.15_64.exe
C:\Users\Devil\WhiteCap_505_Platinum.exe
C:\Users\Devil\AppData\Roaming\Origin\update.vbe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-24 22:22

==================== End Of Log ============================
         
--- --- ---



3. Addition

[Unfortunately it was too long for this post]

4. GMER (unfortunately it only ran in safe mode)

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-28 20:28:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\0000007b WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Devil\AppData\Local\Temp\pxldqpow.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000d18013bbb                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000d18013bbb@0c715d6b4242         0xD9 0x3F 0x38 0x73 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000d18013bbb@0024836c6ea7         0x75 0x40 0x56 0x1C ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000d18013bbb (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000d18013bbb@0c715d6b4242             0xD9 0x3F 0x38 0x73 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000d18013bbb@0024836c6ea7             0x75 0x40 0x56 0x1C ...

---- EOF - GMER 2.1 ----
         
--- --- ---


5. HijackThis

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:51:49, on 28.05.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devil\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Drop Pad Web Backup - {25DA541F-6ACF-4052-A8AA-1D58284729C7} - mscoree.dll (file missing)
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - (no file)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Devil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\Program Files (x86)\ElsaWin\bin\wiprot.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - D:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - D:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - D:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - D:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - D:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - D:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12410 bytes
         
--- --- ---


6. Norton (Windows folder scan) [unfortunately without result]

Quote:
Scanstatistiken:
Scanstart:
Lokal: 28.05.2014 20:43
UTC: 28.05.2014 18:43
Scanzeit: 2.350 Sekunden
Scanziele: C:\Windows
Zähler:
Gescannte Elemente insgesamt: 320.037
– Dateien und Laufwerke: 320.037
– Registrierungseinträge: 0
– Prozesse und Elemente beim Start: 0
– Netzwerk- und Browser-Elemente: 0
– Sonstiges: 0
– Vertrauenswürdige Dateien: 9.023
– Übersprungene Dateien: 57.368

Erkannte Sicherheitsrisiken insgesamt: 0
Behobene Elemente insgesamt: 0
Elemente insgesamt, die Aufmerksamkeit erfordern: 0

Behobene Bedrohungen:
Es wurden keine Risiken behoben.

Nicht behobene Bedrohungen:
Keine nicht behobenen Risiken

Many thanks to everyone who takes the trouble to help me.

A small addition:

Graphics card temperature at 98% GPU load = approx. 80°C
Graphics card temperature at 0-3% GPU load = approx. 55°C

Alt 29.05.2014, 05:36   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

please post the Addition.txt now.



Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).

Alt 29.05.2014, 13:03   #3
SilentDeath
 

Hello,
I wasn't sure whether I should pack the file and attach it.
Also, I thought I had read that I should attach the Addition.txt only when instructed.

Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Devil at 2014-05-29 13:56:41
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Advanced Archive Password Recovery (HKLM-x32\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Anti-Twin (Installation 22.04.2013) (HKLM-x32\...\Anti-Twin 2013-04-22 21.47.42) (Version: - Joerg Rosenthal, Germany)
AquaSoft "DiaShow 7 für YouTube" (HKLM-x32\...\{9DFDD0C5-5AC1-484B-ACF8-0F3E1041750B}_is1) (Version: 7.7.11.35343 - AquaSoft GmbH)
Ares 2.1.8 (HKLM-x32\...\Ares) (Version: 2.1.8-Build#3042 - Ares Development Group)
Assassin's Creed ® III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.00 - Ubisoft)
Assassins Creed III version 5.1 (HKLM-x32\...\{B810D852-DFD6-ACIII-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10308 - ATI Technologies Inc.) Hidden
Audio Pitch And Shift version 5.1.0.4 (HKLM\...\{07EBC512-2289-44B6-BBA2-4A84FCA15E29}_is1) (Version: 5.1.0.4 - Fabrizio Stellato)
Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - )
Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
Batman Arkham Origins (HKLM-x32\...\Batman Arkham Origins_is1) (Version: - )
Black Ops 2 Deutsch Patch-TokZic 1.0 (HKLM-x32\...\Black Ops 2 Deutsch Patch-TokZic 1.0) (Version: 1.0 - TokZic)
Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
BoneTown (HKLM-x32\...\{5E7C721D-B008-4269-A1C4-2CE7E9757983}) (Version: 1.1.1 - DWC Software)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Bridge Building Game (HKLM-x32\...\Bridge Building Game) (Version: - )
Browser Configuration Utility (HKLM-x32\...\{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}) (Version: 1.0.12.1 - DeviceVM, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bulletstorm (HKLM-x32\...\GFWL_{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA)
Bulletstorm (x32 Version: 1.0.0000.130 - EA) Hidden
ButtonBeats Virtual Piano Black (HKLM-x32\...\00B92958-647E-405C-887D-265A9123F9FB) (Version: 1.0 - ButtonBeats)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Colin McRae Rally 2 (HKLM-x32\...\{19B72AA9-985A-11D4-9C8A-00D0B75D1498}) (Version: - )
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CrystalDiskInfo 6.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - Ihr Firmenname)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live PSG) (Version: - Sony Online Entertainment)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9F82B2FB-F969-41A0-B7D6-E54F4BAF8572}) (Version: - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
Deutschlands Kartenspiele Deluxe (HKLM-x32\...\{BD8C5D59-B689-4245-8BCF-89378CA909B0}_is1) (Version: 1.0 - rondomedia)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diablo.III.Client.Server.Emulator (HKLM-x32\...\Diablo.III.Client.Server.Emulator_is1) (Version: - )
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Die Sims (HKLM-x32\...\Die Sims) (Version: - )
Dishonored (HKLM-x32\...\Dishonored_is1) (Version: - )
DocBackupAP (HKLM-x32\...\DocBackupAP) (Version: - )
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EFA3 - Bilder Kraftfahrzeugtechnik (HKLM-x32\...\{F443C200-5A4B-4773-83F3-069867AE07BA}) (Version: 1.0.0 - Europa)
EliSims 2.20 (HKLM-x32\...\EliSims 2.20_is1) (Version: - )
ElsaWin (HKLM-x32\...\ElsaWin) (Version: 4.00 - )
ENSLAVED™ Odyssey to the West™ Premium Edition, версия 1.0 (HKLM-x32\...\{78114956-514E-4CFE-BFBA-D39B53EE1B9F}_is1) (Version: 1.0 - Namco Bandai Games, Steam)
ENSLAVED™: Odyssey to the West™ Premium Edition (HKLM-x32\...\Steam App 245280) (Version: - Ninja Theory)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
ESI Prüfwerte (HKLM-x32\...\ESI Prüfwerte) (Version: - )
ESI[tronic] DEMO_3 (HKLM-x32\...\ESI[tronic] DEMO_3) (Version: - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
Far Cry 3 Deutsch Patch-TokZic 1.00 (HKLM-x32\...\Far Cry 3 Deutsch Patch-TokZic 1.00) (Version: 1.00 - TokZic)
FarCry 3 version 5.1 (HKLM-x32\...\{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free AVI Video Converter version 5.0.32.1230 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free FLV Converter V 7.5.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.5.0.0 - Koyote Soft)
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.6.711 - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.22.925 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.22.925 - DVDVideoSoft Ltd.)
Free Video to Flash Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Gmail Backup (HKLM-x32\...\gmailbackup) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GRID 2 (c) Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
Hitman Absolution (HKLM-x32\...\{95030349-3623-4920-89BF-8BEC5EF311C5}_is1) (Version: 1.0433.1 - Square Enix)
Hitman Absolution Deutsch Patch-TokZic 1.00 (HKLM-x32\...\Hitman Absolution Deutsch Patch-TokZic 1.00) (Version: 1.00 - TokZic)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IcoFX 1.6.4 (HKLM-x32\...\IcoFX_is1) (Version: - )
IcoFX 2.3.1 (HKLM-x32\...\IcoFX 2_is1) (Version: - )
InFlux (HKLM-x32\...\GOGPACKINFLUX_is1) (Version: 2.0.0.5 - GOG.com)
iZ3D Driver Remove (HKLM-x32\...\{30BEF9F2-CD3F-4B13-9E5C-BFE2F9544572}_is1) (Version: 1.12(4016) - iZ3D Inc.)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.110 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kingdoms of Amalur™ Reckoning DELUXE EDITION (HKLM-x32\...\Kingdoms of Amalur™ Reckoning DELUXE EDITION_is1) (Version: 1.0.0.2 - QfG)
K-Lite Codec Pack 9.2.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.2.0 - )
K-Lite Codec Pack 9.8.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Kung Fu Panda(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Kung Fu Panda(TM)-Spiel (HKLM-x32\...\InstallShield_{48ADB3C0-18FB-4922-B172-7C8C4B99409C}) (Version: 1.00.0000 - Activision)
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite III deinstallieren (HKLM-x32\...\{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1) (Version: - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}) (Version: 2.2 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: - )
Linguatec Voice Reader Studio (HKLM-x32\...\{D961CF08-AB06-4AC5-BCBA-76D12C4DB5EC}) (Version: 1.00.0000 - Linguatec GmbH)
Linguatec Voice Reader Studio (x32 Version: 1.00.0000 - Linguatec GmbH) Hidden
Lula 3D (HKLM-x32\...\Lula 3D) (Version: - )
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\TUVUQUxHRUFSUklTSU5HUkVWRU5HRUFOQ0U=_is1) (Version: 1 - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Monopoly (HKLM-x32\...\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}) (Version: - )
MotoGP(TM)13 (HKLM-x32\...\{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}) (Version: 1.00.0000 - Milestone)
MotoGP(TM)13 (x32 Version: 1.00.0000 - Milestone) Hidden
Mozilla Firefox 21.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MSI Afterburner 3.0.0 (HKLM-x32\...\Afterburner) (Version: 3.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version: - )
Need For Speed Rivals (HKLM-x32\...\{0657F865-25B6-4391-A3B5-9917CF291AB3}) (Version: 6.0 - Black Box)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1398 - Electronic Arts)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NFS Underground (HKLM-x32\...\{A99968BE-C155-474C-0089-33239DEE1CE2}) (Version: - )
Nightly 18.0a1 (x64 en-US) (HKLM\...\Nightly 18.0a1 (x64 en-US)) (Version: 18.0a1 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paragon Partition Manager™ 12 Professional Demo (HKLM-x32\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PC-Trainer Kfz-Technik Demoversion (HKLM-x32\...\{25A9F665-E886-459F-A7C6-FDA50A7A1100}) (Version: - )
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
phonostar-Player Version 3.02.6 (HKLM-x32\...\phonostar3RadioPlayer_is1) (Version: - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
ProPlay Advance FFB Wheel (HKLM-x32\...\{6B36822A-5638-11D6-8A78-00E04C423A21}) (Version: - )
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Railroad & Co. Version 7.0 (HKLM-x32\...\Railroad & Co. Version 7.0) (Version: - )
Rayman Legends (HKLM-x32\...\UmF5bWFuTGVnZW5kcw==_is1) (Version: 1 - )
Republic Heroes (HKLM-x32\...\{5612C844-55BC-4B77-82C2-A2E28962418E}) (Version: 1.00.0000 - LucasArts)
Ridge Racer Unbounded Bundle (HKLM-x32\...\Ridge Racer Unbounded Bundle_is1) (Version: - )
Saints Row IV — Repacked by R.G. Revenants (HKLM-x32\...\Saints Row IV_R.G. Revenants) (Version: 1.0.0.1 - Deep Silver)
San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick)
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version: - )
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScarletBlade-DE (HKLM-x32\...\ScarletBlade-DE) (Version: - )
Scribus 1.4.2 (HKLM-x32\...\Scribus 1.4.2) (Version: 1.4.2 - The Scribus Team)
SEDREAP (HKLM-x32\...\SEDREAP) (Version: - )
Setup - Call of Duty Ghosts (c) Activision ... (HKLM-x32\...\Setup - Call of Duty Ghosts (c) Activision ...) (Version: ... - Activision Publishing)
ShaunWhiteSnowboarding (HKLM-x32\...\{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}) (Version: 1.00 - Ubisoft)
Skat (HKLM-x32\...\Skat_is1) (Version: - madcat Software GmbH)
Skullgirls (HKLM-x32\...\Skullgirls_is1) (Version: - )
Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
Sniper Ghost Warrior 2 (HKLM-x32\...\Sniper Ghost Warrior 2_is1) (Version: - )
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
South Park - The Stick of Truth Version 1.0.1353 (HKLM-x32\...\{83736891-79AE-49BA-96F5-55DD6F2186AC}_is1) (Version: 1.0.1353 - Ubisoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.0 - Aspyr)
StarCraft II Heart of the Swarm (c) Blizzard version 1 (HKLM-x32\...\U3RhckNyYWZ0IElJ_is1) (Version: 1 - )
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steamless Counter Strike Source Pack (HKLM-x32\...\Steamless Counter Strike Source Pack) (Version: 1.0 - Steamless)
Strongvault Online Backup (HKLM-x32\...\{C8A17402-051A-471B-BA64-9147A7467005}) (Version: 2.1.1.0 - Strongvault)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 (HKLM-x32\...\{8F311E92-C29F-4DF9-8259-B739A1831669}_is1) (Version: v2012.build.54 - eRightSoft)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
The Klub 17 (HKCU\...\The Klub 17) (Version: 6.3.0 - Team K17)
Tom Clancy's Ghost Recon Future Soldier (HKLM-x32\...\{6D87CAD9-9B94-4421-A439-B25F8DE14575}) (Version: 1.00 - Ubisoft)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torch (HKCU\...\Torch) (Version: 29.0.0.4888 - Torch Media, Inc) <==== ATTENTION
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version: - )
UltraMon (HKLM\...\{ED7FE81C-378C-411D-B5B4-509B978BA204}) (Version: 3.2.1 - Realtime Soft Ltd)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A784BEFA-1BAB-4285-9F90-7D1A40A72DF8}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C5241E8F-37A5-40EC-90DD-FF1400818C4B}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{388C807E-766E-47FB-A671-53B8387FCA78}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2F2717FB-5567-491F-B493-B6556DB4FFCB}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2F2717FB-5567-491F-B493-B6556DB4FFCB}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{CA571833-CF9C-4B1E-B6E2-07211664180E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2727096) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34F41F42-15EC-4FB5-A6C7-464F4BB5D798}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2727096) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34F41F42-15EC-4FB5-A6C7-464F4BB5D798}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C74BC9C1-46D0-4406-A003-119C5F2BC240}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{068372FB-7EAF-463F-8074-77AB35BB13E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E911A320-7B4A-4383-82D2-007375B27EC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8449754F-577E-4EC3-B9D4-108395B1680E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8B3D175-48B8-413F-8484-4D81E744B51C}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8587E5B1-6279-4396-B9AC-20B334F4FF88}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2767851) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A98FE317-A670-47B8-9510-C115D933282A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0C0A2F4A-757C-4F10-935F-508E1A2D4719}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{377DC0D5-A062-496A-ADE2-6D204B498DD8}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{CA55F6DA-492F-434B-9B65-9A42C35F3FDC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{CC676278-5E9E-432E-9BB5-DDF0FFE04549}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4389523F-DE1F-474A-995D-480F66809567}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4389523F-DE1F-474A-995D-480F66809567}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817482) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3856855C-A9CE-433A-BBA8-62D3290B063F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817489) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7E0144AD-1CF3-41B9-A6E5-98FF7EA97F2F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817489) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7E0144AD-1CF3-41B9-A6E5-98FF7EA97F2F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817491) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C74677D5-FA4D-47D5-B769-1866C6D81214}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817492) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0A30942E-AFEC-4DC5-8A23-AD50E971CC37}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817492) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0A30942E-AFEC-4DC5-8A23-AD50E971CC37}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED00DC05-D24B-4847-B49B-7EF42A01D4D5}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED00DC05-D24B-4847-B49B-7EF42A01D4D5}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2817629) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8557CF2E-CD50-418A-A533-751E6C8B8C28}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2817629) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6562E5D7-895A-4FC0-B907-72E42D79703A}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E158EB9F-E6CC-49E2-A098-2C6DF0D6B42B}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2810006) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CFC7B54A-AB18-487B-A035-7094E2F24AF1}) (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D4E8E649-C12B-4170-8A32-2D387CD5CED1}) (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5A59CF80-AA55-492B-900E-86793BCF013A}) (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D4E8E649-C12B-4170-8A32-2D387CD5CED1}) (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5A59CF80-AA55-492B-900E-86793BCF013A}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{54960E56-266C-417A-85F5-4769614C2694}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1F1940B-94DF-4DCB-BF82-9530D7FBB1BF}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2767863) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7850D7D4-FC6A-4847-A646-9A64CCF713EA}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Urban Trial Freestyle (HKLM-x32\...\Urban Trial Freestyle_is1) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual Hottie 2 (HKLM-x32\...\Quest3DVirtual Hottie 2) (Version: - )
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.0.5 - SoundSpectrum)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Win-Digipet 2012 Premium Edition (HKLM-x32\...\{00EBC928-ADAD-4392-AA6F-F964BE54DBF2}) (Version: 12.0.00 - Fa. Digipet)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World's Best Board Games 2 (HKLM-x32\...\{4298DE6A-B53D-4CAF-B3C8-BAB6EC085AC7}_is1) (Version: - cerasus.media GmbH)
X Rebirth GERMAN (HKLM-x32\...\WFJlYmlydGg=_is1) (Version: 1 - )
Xilisoft DVD Ripper Ultimate (HKLM-x32\...\Xilisoft DVD Ripper Ultimate) (Version: 7.0.0.1121 - Xilisoft)
XMedia Recode Version 3.1.7.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.6 - XMedia Recode)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-12-31 20:21 - 00000856 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 eu.actual.battle.net

==================== Scheduled Tasks (whitelisted) =============

Task: {10E37B6A-4275-4485-905C-97E11C199ABF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1033395003-4163772576-2144622384-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1993C1EF-3182-485D-B2ED-44B19C88DB93} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-29] (Adobe Systems Incorporated)
Task: {200A353A-DE7E-435A-8CE8-7368899103D4} - System32\Tasks\{D96675D6-96AE-497E-BBAE-85681F2CDF80} => G:\Setup.exe
Task: {21DCACC4-B31A-445F-8D23-990591BCAFBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.)
Task: {22BBB474-C481-41D9-BC77-40FBCB285E66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.)
Task: {2D0B1D23-370F-4B4B-BF6F-17AF227D250B} - System32\Tasks\EPUpdater => C:\Users\Devil\AppData\Roaming\BabSolution\Shared\BabMaint.exe <==== ATTENTION
Task: {2EF2E918-6BDB-42E3-8CC1-B0B79098DEBF} - System32\Tasks\Origin => C:\Users\Devil\AppData\Roaming\Origin\update.vbe [2013-11-23] () <==== ATTENTION
Task: {33974269-140D-4260-AA63-79EC31FB4B67} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {387D4B14-720B-47A0-82F8-7C3B7751435C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4297F142-DA7D-49C3-AC3E-F43CAC1FDED5} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {50870D37-F1F1-4C5D-ADE8-B02ED9B45717} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {5AED4E01-31D5-45FB-8623-EDE4CE88DE7F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {62DF44AA-CA8B-4B03-9E72-73D91CECD2C6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6C558EC9-3F13-4BF6-84E4-447A21F984B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6F74DDAC-051A-4FA1-A0DB-9FA4AB238625} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {79DEE084-FC15-4CF9-8E69-046F493A20E0} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {81BCC89B-AEEA-44C3-898F-7B9848C01975} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {8BB7B08C-8528-4A0C-9276-551AADCB6243} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {9060ECB5-9F4E-4D11-898F-09D649D17CFD} - System32\Tasks\{239E5CA3-DF12-4B20-B375-8ED226A927A0} => G:\Setup.exe
Task: {9D1CB78B-8285-4009-BCBD-C08A44AAF370} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000Core => C:\Users\Devil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27] (Google Inc.)
Task: {9EB0C89A-C4CF-407D-973D-666FCE20560F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000UA => C:\Users\Devil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27] (Google Inc.)
Task: {A4865F12-5E7A-4445-A2CA-06A47416BE05} - System32\Tasks\DealPly => C:\Users\Devil\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {A761E2C1-3F54-4CBC-BADD-E94E2D4A92A2} - System32\Tasks\{F983B895-1AED-4E8D-99D6-795DDD988D4D} => E:\PROTOTYPE 2\prototype2.exe [2012-07-27] ()
Task: {A9D457E6-20A2-4BE1-B7D6-DB5C18143C93} - System32\Tasks\{5E19E60A-7583-4069-AC57-9B1A33FF10A8} => E:\PROTOTYPE 2\prototype2.exe [2012-07-27] ()
Task: {B9767893-A002-4E25-9EFB-D103704D4F21} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1033395003-4163772576-2144622384-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BAC6B79A-F11D-41CA-9C8B-C51E5C82D53C} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {BD498A25-ADA0-4F11-9C8A-8063766FC239} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe
Task: {BD53EF1B-A6C6-4193-9167-42D201E8AD80} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {BED5D16A-228F-4361-8BD2-57E8D8354817} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CDF39D0F-D2D1-4B90-9E2B-936FE3E36E8C} - System32\Tasks\{9FC4DDFD-7FAF-4BD2-B008-ED859DD5793F} => G:\Setup.exe
Task: {D9867F9A-E9AC-487A-8581-CC6B045FDB64} - System32\Tasks\{E2752E67-FB96-4FDC-BAFE-3A64FFF7EF52} => E:\PROTOTYPE 2\prototype2.exe [2012-07-27] ()
Task: {DC134C79-47AF-4245-AD8B-C79806CDEC68} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {F93616FD-3057-42F5-B4E7-516D7E48D149} - System32\Tasks\VisualBeeRecovery => C:\Users\Devil\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe
Task: {FC931C3B-1479-4C47-8FE8-0E0FA7197142} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe
Task: {FCCA130C-4B62-4D22-A573-DA220CC843B4} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-23] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000Core.job => C:\Users\Devil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000UA.job => C:\Users\Devil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-08-28 20:56 - 2012-10-29 23:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-08-26 16:50 - 2009-05-07 16:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-08-26 16:50 - 2009-05-07 16:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-08-26 16:50 - 2008-01-18 14:50 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2012-08-26 16:50 - 2009-11-03 11:12 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-04-17 22:29 - 2014-04-17 22:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-01-16 00:11 - 2014-05-29 13:26 - 00645646 _____ () C:\Windows\Temp\svchost.exe
2011-12-06 17:07 - 2011-12-06 17:07 - 00025088 _____ () C:\Program Files (x86)\ElsaWin\bin\SvrAufPS.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-08-26 17:04 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2012-08-26 17:04 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2012-08-26 17:04 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2012-08-26 17:04 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2009-07-31 21:39 - 2009-07-31 21:39 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
2013-12-17 20:59 - 2014-05-29 13:26 - 00279955 _____ () C:\Windows\Temp\libidn-11.dll
2013-12-17 20:59 - 2014-05-29 13:26 - 00084992 _____ () C:\Windows\Temp\zlib1.dll
2014-05-25 11:43 - 2014-05-14 01:40 - 00716616 _____ () C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-25 11:43 - 2014-05-14 01:40 - 00126280 _____ () C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-25 11:43 - 2014-05-14 01:40 - 04217672 _____ () C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-25 11:43 - 2014-05-14 01:40 - 00414536 _____ () C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-25 11:43 - 2014-05-14 01:40 - 01732424 _____ () C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A8AF8B49
AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: nSvcIp => 2
MSCONFIG\Services: ose64 => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: Radio.fx => 2
MSCONFIG\Services: S3DSvc32 => 2
MSCONFIG\Services: S3DSvc64 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: TorchCrashHandler => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Devil\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: BCU => "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: Google Update => "C:\Users\Devil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_5777080ABD7AE34D1FF32B351314DFEF => "C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: PDF7 Registry Controller => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe
MSCONFIG\startupreg: PdfProInboxMonitor => C:\Program Files (x86)\Nuance\PDF Professional 7\InboxMonitor.exe /Run
MSCONFIG\startupreg: phonostar-PlayerTimer => "C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: rfxsrvtray => "C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe"

==================== Faulty Device Manager Devices =============

Name: HID-konformes Gerät
Description: HID-konformes Gerät
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standardsystemgeräte)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HID-konformes Benutzersteuergerät
Description: HID-konformes Benutzersteuergerät
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA nForce 10/100/1000 Mbps Ethernet
Description: NVIDIA nForce Networking Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVNET
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2014 08:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x17b4
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (05/28/2014 08:17:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0xec8
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (05/28/2014 08:13:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x6a0
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (05/27/2014 11:17:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CLIStart.exe, Version: 3.5.0.0, Zeitstempel: 0x53508b4a
Name des fehlerhaften Moduls: SLSTaskbarHook64.dll, Version: 1.0.0.1, Zeitstempel: 0x53508bed
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00000000000020f0
ID des fehlerhaften Prozesses: 0xf20
Startzeit der fehlerhaften Anwendung: 0xCLIStart.exe0
Pfad der fehlerhaften Anwendung: CLIStart.exe1
Pfad des fehlerhaften Moduls: CLIStart.exe2
Berichtskennung: CLIStart.exe3

Error: (05/27/2014 11:17:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CLIStart.exe, Version: 3.5.0.0, Zeitstempel: 0x53508b4a
Name des fehlerhaften Moduls: SLSTaskbarHook64.dll, Version: 1.0.0.1, Zeitstempel: 0x53508bed
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000020f0
ID des fehlerhaften Prozesses: 0xf20
Startzeit der fehlerhaften Anwendung: 0xCLIStart.exe0
Pfad der fehlerhaften Anwendung: CLIStart.exe1
Pfad des fehlerhaften Moduls: CLIStart.exe2
Berichtskennung: CLIStart.exe3

Error: (05/27/2014 11:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc2d9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x73ad4b02
ID des fehlerhaften Prozesses: 0x544
Startzeit der fehlerhaften Anwendung: 0xWerFault.exe0
Pfad der fehlerhaften Anwendung: WerFault.exe1
Pfad des fehlerhaften Moduls: WerFault.exe2
Berichtskennung: WerFault.exe3

Error: (05/27/2014 11:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: amd_ge_installer.exe, Version: 0.0.0.0, Zeitstempel: 0x4b1ae45e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x73ad4b02
ID des fehlerhaften Prozesses: 0xd5c
Startzeit der fehlerhaften Anwendung: 0xamd_ge_installer.exe0
Pfad der fehlerhaften Anwendung: amd_ge_installer.exe1
Pfad des fehlerhaften Moduls: amd_ge_installer.exe2
Berichtskennung: amd_ge_installer.exe3

Error: (05/27/2014 11:16:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x73ad4b02
ID des fehlerhaften Prozesses: 0x5c0
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3

Error: (05/27/2014 11:14:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 0.0.0.0, Zeitstempel: 0x51bdb352
Name des fehlerhaften Moduls: amdocl.dll, Version: 10.0.1445.5, Zeitstempel: 0x52212e7d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017b179
ID des fehlerhaften Prozesses: 0x12ac
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (05/27/2014 05:52:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (05/28/2014 08:20:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/28/2014 08:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/28/2014 08:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/28/2014 08:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/28/2014 08:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/28/2014 08:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/28/2014 08:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/28/2014 08:20:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/28/2014 08:20:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/28/2014 08:20:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (05/28/2014 08:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa17b401cf7aa108644ca0D:\Downloads\Gmer-19357.exeD:\Downloads\Gmer-19357.exe5f0e7490-e694-11e3-9761-f46d0493783d

Error: (05/28/2014 08:17:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aaec801cf7aa0e782a2c0D:\Downloads\Gmer-19357.exeD:\Downloads\Gmer-19357.exe42c40610-e694-11e3-9761-f46d0493783d

Error: (05/28/2014 08:13:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa6a001cf7aa051769e30D:\Downloads\Gmer-19357.exeD:\Downloads\Gmer-19357.exeb9346ac0-e693-11e3-9761-f46d0493783d

Error: (05/27/2014 11:17:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CLIStart.exe3.5.0.053508b4aSLSTaskbarHook64.dll1.0.0.153508bedc000041d00000000000020f0f2001cf79f10bafbee0C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbarHook64.dll5572c540-e5e4-11e3-88aa-f46d0493783d

Error: (05/27/2014 11:17:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CLIStart.exe3.5.0.053508b4aSLSTaskbarHook64.dll1.0.0.153508bedc000000500000000000020f0f2001cf79f10bafbee0C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbarHook64.dll49f24060-e5e4-11e3-88aa-f46d0493783d

Error: (05/27/2014 11:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WerFault.exe6.1.7600.163854a5bc2d9unknown0.0.0.000000000c000041d73ad4b0254401cf79f10abcf2a0C:\Windows\SysWOW64\WerFault.exeunknown48a4ffe0-e5e4-11e3-88aa-f46d0493783d

Error: (05/27/2014 11:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: amd_ge_installer.exe0.0.0.04b1ae45eunknown0.0.0.000000000c000041d73ad4b02d5c01cf79f10ab5ce80C:\AMD\Support\14-4-win7-win8-win8.1-64-dd-ccc-whql\Packages\Apps\Raptr\RaptrInstaller\amd_ge_installer.exeunknown48697d80-e5e4-11e3-88aa-f46d0493783d

Error: (05/27/2014 11:16:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsiExec.exe5.0.7601.175144ce792c4unknown0.0.0.000000000c000041d73ad4b025c001cf79f0f86479c0C:\Windows\syswow64\MsiExec.exeunknown3698b300-e5e4-11e3-88aa-f46d0493783d

Error: (05/27/2014 11:14:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.051bdb352amdocl.dll10.0.1445.552212e7dc00000050017b17912ac01cf79e549aabe40C:\Windows\Temp\svchost.exeC:\Windows\system32\amdocl.dllf1 d175e0-e5e3-11e3-88aa-f46d0493783d

Error: (05/27/2014 05:52:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe


CodeIntegrity Errors:
===================================
Date: 2013-12-26 14:56:16.716
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Devil\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-26 14:56:16.676
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Devil\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-26 14:56:15.897
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-26 14:56:15.856
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-01-22 19:36:46.464
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\zsport.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-01-22 19:36:46.433
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\zsport.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-01-22 18:17:52.372
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\zsport.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-01-22 18:17:52.341
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\zsport.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-01-22 15:53:44.232
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\zsport.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-01-22 15:53:44.201
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\zsport.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8191.23 MB
Available physical RAM: 6002.7 MB
Total Pagefile: 16380.65 MB
Available Pagefile: 13712.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:123.96 GB) (Free:8.16 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.5 GB) (Free:29.09 GB) NTFS
Drive e: () (Fixed) (Total:341.7 GB) (Free:113.24 GB) NTFS
Drive k: (3TB-WD) (Fixed) (Total:2794.39 GB) (Free:1361.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2795 GB) (Disk ID: 19AF4AA6)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: B2F74089)
Partition 1: (Not Active) - (Size=932 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3561AD32)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=342 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=124 GB) - (Type=07 NTFS)

==================== End Of Log ============================

30.05.2014, 09:59   #4
schrauber
/// the machine
/// TB-Ausbilder

Quote:
127.0.0.1 eu.actual.battle.net
Is someone trying to get around a game activation there?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

30.05.2014, 16:19   #5
SilentDeath

Yes, that may be. But that was so long ago that it is hardly true anymore.
Besides, it didn't work anyway. I think that was back when Diablo 3 came out and I absolutely wanted to play it offline. But, as already mentioned, it didn't work.

Is that perhaps the cause of my problem? (I will correct that right away.)

By the way, I have now found out that the "SVCHOST file" sits in the Windows Temp folder. As soon as I close it via Task Manager, my GPU load at idle drops toward zero. Deleting it unfortunately doesn't help [-> unfortunately present again after a restart]


31.05.2014, 15:13   #6
schrauber
/// the machine
/// TB-Ausbilder

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that under:

    have this tag:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:




Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

31.05.2014, 20:33   #7
SilentDeath

Hello,
and many thanks for the effort.

I have now installed and run "Revo Uninstaller".
Unfortunately, the only program that I could remove completely (thoroughly) was:

"Torch" (I think that was some kind of download program)

The other files from the Addition.log that are marked with "ATTENTION" unfortunately could not be found in "Revo Uninstaller".

I then downloaded and ran ComboFix and got the following log

ComboFix:

Code:
ComboFix 14-05-29.01 - Devil 31.05.2014  20:49:22.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8191.6241 [GMT 2:00]
ausgeführt von:: c:\users\Devil\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Images
c:\users\Devil\5770.jpg
c:\users\Devil\90er.rtf
c:\users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Devil\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\Devil\Monopoly3Setup.exe
c:\users\Devil\wl
c:\users\Devil\wl\Scannen0002.jpg
c:\users\Devil\wl\Scannen0003.jpg
c:\users\Devil\wl\Scannen0004.jpg
c:\users\Devil\wl\Scannen0005.jpg
c:\windows\7Loader.TAG
c:\windows\IsUn0407.exe
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Legacy_NPF
-------\Service_acedrv11
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-28 bis 2014-05-31  ))))))))))))))))))))))))))))))
.
.
2074-05-07 17:38 . 2006-11-21 19:48	203576	------w-	c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2014-05-31 18:58 . 2014-05-31 18:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-31 18:58 . 2014-05-31 18:58	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-05-31 18:26 . 2014-05-31 18:26	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-05-30 18:56 . 2014-05-30 18:58	--------	d-----w-	c:\users\Devil\kratzer
2014-05-30 15:22 . 2014-05-30 15:22	--------	d-----w-	c:\windows\system32\drivers\etc\SK\Neuer Ordner
2014-05-29 14:46 . 2014-05-29 14:54	--------	d-----w-	c:\users\Devil\UNI
2014-05-29 13:27 . 2014-05-29 13:27	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2014-05-28 18:10 . 2014-05-29 11:58	--------	d-----w-	C:\FRST
2014-05-27 21:20 . 2014-05-27 21:20	--------	d-----w-	c:\programdata\ATI
2014-05-27 21:17 . 2014-05-27 21:17	--------	d-----w-	c:\program files (x86)\AMD AVT
2014-05-27 21:14 . 2014-05-27 21:14	--------	d-----w-	c:\program files\AMD
2014-05-27 21:01 . 2014-05-27 21:01	--------	d-----w-	c:\program files (x86)\Sapphire TRIXX
2014-05-27 20:45 . 2014-05-27 20:46	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2014-05-24 21:25 . 2014-05-24 21:25	0	----a-w-	c:\windows\SysWow64\OCL8FB2.tmp
2014-05-24 21:25 . 2014-05-24 21:25	0	----a-w-	c:\windows\SysWow64\OCL7FE8.tmp
2014-05-24 18:25 . 2014-05-31 12:48	--------	d-----w-	c:\windows\system32\drivers\NISx64\1503000.00C
2014-05-12 19:43 . 2014-05-12 19:43	30208	----a-w-	C:\devdll.dll
2014-05-10 09:13 . 2014-05-10 09:13	0	----a-w-	c:\windows\SysWow64\OCL75AC.tmp
2014-05-10 09:13 . 2014-05-10 09:13	0	----a-w-	c:\windows\SysWow64\OCL756D.tmp
2014-05-05 20:43 . 2014-05-05 20:43	--------	d-----w-	c:\program files (x86)\Aeria Games
2014-05-05 20:25 . 2014-05-06 16:41	--------	d-----w-	c:\users\Devil\AppData\Local\Akamai
2014-05-05 20:25 . 2014-05-05 20:25	--------	d-----w-	C:\AeriaGames
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-24 19:11 . 2012-08-26 18:25	386680	----a-w-	c:\windows\system32\drivers\sptd.sys
2014-04-18 02:43 . 2011-03-09 04:17	143304	----a-w-	c:\windows\system32\atiuxp64.dll
2014-04-18 02:42 . 2013-08-31 00:14	126336	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2014-04-18 02:42 . 2011-03-09 04:55	1343272	----a-w-	c:\windows\system32\aticfx64.dll
2014-04-18 02:42 . 2011-03-09 04:56	1117184	----a-w-	c:\windows\SysWow64\aticfx32.dll
2014-04-18 02:42 . 2011-03-09 04:40	10335208	----a-w-	c:\windows\system32\atidxx64.dll
2014-04-18 02:42 . 2013-08-31 00:13	8866928	----a-w-	c:\windows\SysWow64\atidxx32.dll
2014-04-18 02:42 . 2011-03-09 03:34	6796592	----a-w-	c:\windows\SysWow64\atiumdva.dll
2014-04-18 02:19 . 2013-08-30 23:45	24107520	----a-w-	c:\windows\SysWow64\amdocl.dll
2014-04-18 02:17 . 2013-08-30 23:43	58880	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-04-18 01:09 . 2013-08-30 22:33	848896	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2014-04-18 01:07 . 2013-08-30 22:32	133632	----a-w-	c:\windows\SysWow64\atigktxx.dll
2014-04-17 20:33 . 2014-04-17 20:33	51200	----a-w-	c:\windows\system32\kdbsdk64.dll
2014-04-17 20:28 . 2014-04-17 20:28	38912	----a-w-	c:\windows\SysWow64\kdbsdk32.dll
2014-03-29 19:26 . 2012-09-22 11:46	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-29 19:26 . 2012-09-21 19:27	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-29 18:13 . 2014-03-29 18:18	81855696	----a-w-	c:\users\Devil\setpoint6.61.15_64.exe
2014-03-29 18:13 . 2014-03-29 18:18	4109832	----a-w-	c:\users\Devil\scroll_app_smart_4.00.33.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{25DA541F-6ACF-4052-A8AA-1D58284729C7}]
2010-11-04 15:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-19 12:13	294456	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-13 02:43	1724616	----a-w-	c:\progra~2\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-13 02:43	1724616	----a-w-	c:\progra~2\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-13 02:43	1724616	----a-w-	c:\progra~2\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico /auto [2012-12-18 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbcamcl;Driver for video Device;c:\windows\system32\DRIVERS\usbcamcl.sys;c:\windows\SYSNATIVE\DRIVERS\usbcamcl.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 zonescreen;zonescreen;c:\windows\system32\DRIVERS\zsport.sys;c:\windows\SYSNATIVE\DRIVERS\zsport.sys [x]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R4 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R4 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe;c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [x]
R4 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe;c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140530.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140530.001\IDSvia64.sys [x]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1503000.00C\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 LcSvrAdm;ELSA Administration Service;d:\elsawin\bin\LcSvrAdm.exe;d:\elsawin\bin\LcSvrAdm.exe [x]
S2 LcSvrDba;ELSA DBA Server;d:\elsawin\bin\LcSvrDba.exe;d:\elsawin\bin\LcSvrDba.exe [x]
S2 LcSvrHis;ELSA Historie Server;d:\elsawin\bin\LcSvrHis.exe;d:\elsawin\bin\LcSvrHis.exe [x]
S2 LcSvrPAS;ELSA PASS Server;d:\elsawin\bin\LcSvrPas.exe;d:\elsawin\bin\LcSvrPas.exe [x]
S2 LcSvrSaz;ELSA APOSpro Server;d:\elsawin\bin\LcSvrSaz.exe;d:\elsawin\bin\LcSvrSaz.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsawin\bin\LcSvrAuf.exe;d:\elsawin\bin\LcSvrAuf.exe [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 19:26]
.
2014-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25 20:24]
.
2014-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25 20:24]
.
2014-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000Core.job
- c:\users\Devil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27 13:39]
.
2014-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000UA.job
- c:\users\Devil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27 13:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-04 15:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-19 12:13	357432	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-13 02:37	2328776	----a-w-	c:\progra~1\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-13 02:37	2328776	----a-w-	c:\progra~1\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-13 02:37	2328776	----a-w-	c:\progra~1\Microsoft Office\Office15\GROOVEEX.DLL
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office15\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Se&nd to OneNote - c:\progra~1\Microsoft Office\Office15\ONBttnIE.dll/105
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN18007227791151922&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F1AF26F8-1828-4279-ABCE-074EF3235BD7} - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
AddRemove-Diablo.III.Client.Server.Emulator_is1 - c:\program files (x86)\Games\Diablo.III.Client.Server.Emulator\unins000.exe
AddRemove-Die Sims - c:\windows\IsUn0407.exe
AddRemove-ESI Prüfwerte - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Steam App 245280 - j:\program files (x86)\Steam\steam.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12;c:\program files (x86)\Norton Internet Security\Engine64\21.3.0.12"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-31  21:13:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-31 19:13
.
Vor Suchlauf: 23 Verzeichnis(se), 27.785.736.192 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 27.430.928.384 Bytes frei
.
- - End Of File - - 0403009F14E69330A23EB58E21EC6F83
5FB38429D5D77768867C76DCBDB35194
         

Alt 01.06.2014, 14:48   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 01.06.2014, 23:10   #9
SilentDeath
 



Hello,
I installed "Malwarebytes Anti-Malware" and followed the described procedure, apart from one small deviation:
-> After the first scan, I activated the free "Pro trial version" and repeated the scan.
-> That is why I have attached two "mbam.txt" files.
[In the process, the "SVCHOST.exe" in the Windows Temp folder was finally detected and moved to quarantine as well]

Here are my logs:

mbam(1):

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 01.06.2014
Scan Time: 22:20:16
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.01.07
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Devil

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343779
Time Elapsed: 11 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 26
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [63e8b5be7ffc59dda60dfd6b6f931de3], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [63e8b5be7ffc59dda60dfd6b6f931de3], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [63e8b5be7ffc59dda60dfd6b6f931de3], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [63e8b5be7ffc59dda60dfd6b6f931de3], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [eb60b1c21b60c373a22902653ec407f9], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [eb60b1c21b60c373a22902653ec407f9], 
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [7bd00b686714fb3b104a16513fc34ab6], 
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [7bd00b686714fb3b104a16513fc34ab6], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, , [c18aef844f2c60d6dc418f3622e1c63a], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [113aed8694e7cc6ae674305f3ec432ce], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, , [5af1264de299fc3a4b2904aa27db738d], 
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, , [bf8c33402f4ccf678b03278020e21ae6], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\Plus-HD-3.8, , [73d852216c0ffb3bb5904967fd05916f], 
PUP.Optional.SurfCanyon.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bcjagnifjocnddgeknajocbkkhlgibem, , [23286112c6b544f2dece99f89e644eb2], 
PUP.Optional.1ClickDownLoader.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pmlghpafmmnmmkjdhacccolfgnkiboco, , [32198ce7106bd16567a9524207fbde22], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, , [7ad132411f5cc96d7cfc0cb8fb08ee12], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [81caff74c2b9d066a93abb09659e3cc4], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, , [c784d3a0fb80ac8ac27ac8ffda29ac54], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-3.8, , [094294df87f40630395efba5ee14837d], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, , [4704145fcab15ed8e92541882ed59868], 
PUP.Optional.ValueApps.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, , [e06b61121269a393d71bbcf1f70b48b8], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [1932acc77ffc47ef809aa2fae71b966a], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [e36852211368092d9ed9606458ab02fe], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [a3a8155e90ebb5818283c90f44bf1fe1], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [4ffc640f43383df90c494c9505fe9e62], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-3.8, , [6dde62114b30b77f5f38a5fb32d0a060], 

Registry Values: 7
PUP.Optional.CoolPic, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{FEFE89E5-A43F-4f4b-8211-B11D91D02135}, , [074402712358c373c5ef6700b64cb14f], 
PUP.Optional.CoolPic, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{FEFE89E5-A43F-4F4B-8211-B11D91D02135}, C:\Program Files\CoolPic - Fun Social Pictures\Firefox, , [074402712358c373c5ef6700b64cb14f]
PUP.Optional.WBCEngine, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}, , [f556a7ccaad160d6783d40279a6812ee], 
PUP.Optional.WBCEngine, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{14DD0E04-D4F6-45D2-A958-F361FBD4F64F}, C:\Program Files\WBC Engine\Firefox, , [f556a7ccaad160d6783d40279a6812ee]
PUP.Optional.BrowserProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|bProtectTabs, hxxp://www2.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=E8B400FF09724650, , [da714033aecdd1659747c2049e65847c]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {FBDFD774-6E6E-45D7-B116-230FE9E032D8}, , [7ad132411f5cc96d7cfc0cb8fb08ee12]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1033395003-4163772576-2144622384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {FBDFD774-6E6E-45D7-B116-230FE9E032D8}, , [e36852211368092d9ed9606458ab02fe]

Registry Data: 0
(No malicious items detected)

Folders: 38
PUP.Optional.Esafe.A, C:\ProgramData\eSafe, , [1437294a8cefd95dc890edd4d3306b95], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\ar, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\da, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\de, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\en, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\es, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\fr, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\it, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\nl, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\pl, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\pt, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\ro, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\th, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\tr, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\tw, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\vi, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\res\lang\zh, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\skin, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\EDOWNLOAD\skin\dl, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.DealPly.A, C:\Users\Devil\AppData\Roaming\DealPly, , [212ab5bed5a6b284662dc8b237cbde22], 
PUP.Optional.DealPly.A, C:\Users\Devil\AppData\Roaming\DealPly\UpdateProc, , [212ab5bed5a6b284662dc8b237cbde22], 
PUP.Optional.CoolPic, C:\Program Files\COOLPIC - FUN SOCIAL PICTURES, , [bd8e2c4733481c1aa61e42381ee4f808], 
PUP.Optional.OpenCandy, C:\Users\Devil\AppData\Roaming\OPENCANDY, , [67e4fc778cef84b24e7c0f6b2ed49868], 
PUP.Optional.OpenCandy, C:\Users\Devil\AppData\Roaming\OPENCANDY\9F1A7FED68744508A586ADB57EE6B66D, , [67e4fc778cef84b24e7c0f6b2ed49868], 
PUP.Optional.OpenCandy, C:\Users\Devil\AppData\Roaming\OPENCANDY\OpenCandy_9F1A7FED68744508A586ADB57EE6B66D, , [67e4fc778cef84b24e7c0f6b2ed49868], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, , [6dde581bbdbe989e99bcd7a48b778d73], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3311336, , [6dde581bbdbe989e99bcd7a48b778d73], 
PUP.Optional.Visualbee, C:\Users\Devil\AppData\Local\VISUALBEEEXE, , [eb60e58e6912171f1c438bf1b84ae21e], 
PUP.Optional.JollyWallet.A, C:\Users\Devil\AppData\Local\JOLLYWALLET, , [83c8195a0e6df6400e5f215c1de51ee2], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\UPDATER23986, , [a8a3e0934239c373a4156e0f57abae52], 
PUP.Optional.SockShareDownloader.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\jetpack\SOCKSHAREDOWNLOADER@SOCKSHAREDOWNLOADER.COM, , [c388b2c1582346f0bbf6dca4669ccb35], 
PUP.Optional.SockShareDownloader.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\jetpack\SOCKSHAREDOWNLOADER@SOCKSHAREDOWNLOADER.COM\simple-storage, , [c388b2c1582346f0bbf6dca4669ccb35], 
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com, , [1a31e68d225944f295465d24a35fac54], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\LOCAL EXTENSION SETTINGS\OFJGNHIHLKLPOBKALOAMKANKAAOCLFJH, , [99b2175ce7943600930bb8d451b18e72], 
PUP.Optional.SavingsExplorer.A, C:\Users\Devil\AppData\Local\SAVINGS EXPLORER, , [34174132d7a4e2548c74bfcf60a25ea2], 

Files: 110
HackTool.HotKeyHook, C:\Windows\SysWOW64\H@tKeysH@@k.DLL, , [4cff175c3348f93dcb79f8a915ebd22e], 
Trojan.BitCoinMiner, C:\Windows\Temp\svchost.exe, , [4b00482b6c0f2b0b518319f057aaa45c], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\CHROME-EXTENSION_OFJGNHIHLKLPOBKALOAMKANKAAOCLFJH_0.LOCALSTORAGE, , [d675e093522965d1b33780107d858c74], 
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\babylon1.xml, , [7dceabc8c6b5a6903293c5d4788ad828], 
PUP.Optional.Conduit.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\conduit.xml, , [71da165d3645fe38e1bc742e05fd42be], 
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\delta.xml, , [60eb1e553249ee483d6d792918ea7090], 
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [63e86e0538430234cd9bc3e403fff30d], 
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml, , [cb8087ece09b79bd9e0fedbaf70b6997], 
PUP.Optional.Esafe.A, C:\ProgramData\eSafe\EDELAYINFO.EDB, , [1437294a8cefd95dc890edd4d3306b95], 
Trojan.BitcoinMiner, C:\Windows\Temp\phatk121016.cl, , [4407d49f423963d317d37150be45b749], 
Trojan.BitcoinMiner, C:\Windows\Temp\scrypt130511.cl, , [b497c4af2952ec4a33b8ae13c53e669a], 
Trojan.BitcoinMiner, C:\Windows\Temp\diablo130302.cl, , [8cbf88ebbfbc5cdad616972a09fac937], 
Trojan.BitcoinMiner, C:\Windows\Temp\poclbm130302.cl, , [d5769cd7e596ad898f5e8b36d62d0df3], 
Trojan.BitcoinMiner, C:\Windows\Temp\diakgcn121016.cl, , [ce7dd69d2259ef47ce208e3334cf4bb5], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\EDOWNLOAD.LOG, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\eGdpSvc.exe, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\GoPlayerSetup_br.exe, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\config.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\db.con, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\ar\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\da\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\de\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\en\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\es\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\fr\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\it\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\nl\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\pl\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\pt\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\ro\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\th\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\tr\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\tw\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\vi\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\res\lang\zh\down_lang.ini, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\body.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\bt2.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\btn_close.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\btn_min.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\config.Bindable, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\config.xml, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\glow1.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\glow2.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\logo.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\progress_bg.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\progress_over.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\rotate.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.Elex.A, C:\Users\Devil\AppData\Roaming\eDownload\skin\dl\slogo.png, , [8ebdef84d0abe056627aedd8768d6e92], 
PUP.Optional.DealPly.A, C:\Users\Devil\AppData\Roaming\DealPly\UpdateProc\config.dat, , [212ab5bed5a6b284662dc8b237cbde22], 
PUP.Optional.CoolPic, C:\Program Files\CoolPic - Fun Social Pictures\source.crx, , [bd8e2c4733481c1aa61e42381ee4f808], 
PUP.Optional.OpenCandy, C:\Users\Devil\AppData\Roaming\OpenCandy\9F1A7FED68744508A586ADB57EE6B66D\driverscannerROE.exe, , [67e4fc778cef84b24e7c0f6b2ed49868], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3311336\UninstallerUI.exe, , [6dde581bbdbe989e99bcd7a48b778d73], 
PUP.Optional.SockShareDownloader.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\jetpack\socksharedownloader@socksharedownloader.com\simple-storage\store.json, , [c388b2c1582346f0bbf6dca4669ccb35], 
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com\torn10.crx, , [1a31e68d225944f295465d24a35fac54], 
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com\torntemp.xpi, , [1a31e68d225944f295465d24a35fac54], 
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com\TornTV.exe, , [1a31e68d225944f295465d24a35fac54], 
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com\uninst.exe, , [1a31e68d225944f295465d24a35fac54], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\000005.ldb, , [99b2175ce7943600930bb8d451b18e72], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\000011.ldb, , [99b2175ce7943600930bb8d451b18e72], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\000012.log, , [99b2175ce7943600930bb8d451b18e72], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\CURRENT, , [99b2175ce7943600930bb8d451b18e72], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOCK, , [99b2175ce7943600930bb8d451b18e72], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOG, , [99b2175ce7943600930bb8d451b18e72], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOG.old, , [99b2175ce7943600930bb8d451b18e72], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\MANIFEST-000010, , [99b2175ce7943600930bb8d451b18e72], 
PUP.Optional.CrossRider.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "142e27951168c4707a517d48d8d0bab8");), ,[b6950e65d5a6ed49f58e4e3fb64e7e82]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.admin", false);), ,[7bd0a6cd116a1c1a91028d004fb55fa1]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[0f3c482bcfac0d29741f0a8346bea35d]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");), ,[8bc095dec0bb62d47b18fa9308fc0df3]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.autoRvrt", "false");), ,[4efd73003b40c670ace73954887cd52b]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[2823581b037868cebcd7e4a9887cda26]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[0a41650e9dde6acc1b78a9e427ddd12f]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.id", "e8b42bfb000000000000f46d0493783d");), ,[d279c2b184f7ec4a1b78f09d92726f91]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.instlDay", "15725");), ,[2922175c64178da95142fc9107fd3ec2]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[6ddef87b93e80d292073b3dabb4905fb]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[60eb442f225975c1eaa9018c9173659b]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[18332152304b2d09048f5835d92b39c7]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.rvrt", "false");), ,[f457116290ebf1453d565b3227dd17e9]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), ,[0546284b45361224444f0588ce368878]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e8b42bfb000000000000f46d0493783d&q=");), ,[18335122f3883afce0b36f1e5da7ce32]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");), ,[311ae3908eed0c2a0a89810ccc388d73]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");), ,[22295a192556d95d7c17800d1fe59c64]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babExt", "");), ,[de6d0f649be07abc157e2d60b74dc13f]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=0313_1");), ,[cc7ffe7588f3ec4a9ff4503db054f20e]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.excTlbr", false);), ,[0249c0b37efd3bfbb2e17914fe064db3]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.newTab", false);), ,[b19a9cd77efdef472e65deaf06fe04fc]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=120133&tt=0313_1&babsrc=NT_ss&mntrId=e8b42bfb000000000000f46d0493783d");), ,[7ecdcfa4f4872511e3b0fb92c44056aa]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), ,[3813650e572443f3a9eabdd048bc0ef2]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), ,[a2a960135c1ffa3c3e55c4c90afade22]
PUP.Optional.Babylon.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.223:18:51");), ,[99b2601368136ec8573c0885758f23dd]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), ,[39128be82556b0865644bdd0fa0ac040]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), ,[6cdf1f54ea9171c55b3fc1cce51f5ea2]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), ,[4a01ff74e596a09608929df0d52f28d8]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), ,[fe4d4231adce44f277236e1f34d07d83]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en");), ,[f15a393af388c3737b1f424b23e103fd]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), ,[d07b650e5d1e122437634c4136cef40c]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "e8b42bfb00000000000000ff09724650");), ,[55f6d2a1522969cd6f2bdbb2f90b738d]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15782");), ,[c9827201f784b4824654b5d8d72dbb45]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), ,[004bcda6413af3431486870659ab3fc1]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), ,[410a79fabdbe79bdcad0018c030125db]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), ,[eb60660de4977db9a2f86429ed17bd43]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), ,[7ad14d26e893b581b9e1cfbe09fb7b85]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), ,[05467af92655c274326892fbae563fc1]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), ,[0b40b5bebac1fe385743e0ad73918d73]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), ,[2d1e334089f25cda7d1d7b1218eceb15]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), ,[2427c8ab1467a19556440e7fae56629e]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.10.0");), ,[77d4a4cfbbc006305743187548bc649c]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.10.021:27:10");), ,[6edd43307308ac8a5842325bf50f04fc]
PUP.Optional.Delta.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.10.0");), ,[05464f24fc7fb086eab00a83b94b0cf4]
PUP.Optional.Conduit.A, C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN18007227791151922&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI");), ,[c9823241cfac79bd7b7d4c4115efa15f]

Physical Sectors: 0
(No malicious items detected)


(end)
         
mbam(2):

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.06.2014
Suchlauf-Zeit: 22:52:11
Logdatei: mbam1.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.01.08
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Devil

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 343944
Verstrichene Zeit: 10 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 6
Trojan.BitCoinMiner, C:\Windows\Temp\svchost.exe, In Quarantäne, [410b12615328c96da232ae5bb15030d0], 
Trojan.BitcoinMiner, C:\Windows\Temp\phatk121016.cl, In Quarantäne, [8fbd6e05314ac96d618b9e23a261718f], 
Trojan.BitcoinMiner, C:\Windows\Temp\scrypt130511.cl, In Quarantäne, [e864d0a3156692a4cf1e8f32d23147b9], 
Trojan.BitcoinMiner, C:\Windows\Temp\diablo130302.cl, In Quarantäne, [f25afe758fecad89e00ed7ea7a89ca36], 
Trojan.BitcoinMiner, C:\Windows\Temp\poclbm130302.cl, In Quarantäne, [98b44b28e09b0333ef0000c11ee51ae6], 
Trojan.BitcoinMiner, C:\Windows\Temp\diakgcn121016.cl, In Quarantäne, [1f2db8bb4e2d181eb0403b860ef5d729], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
After that I installed "AdwCleaner" and got the following log:

AdwCleaner[R0]:

Code:
# AdwCleaner v3.211 - Bericht erstellt am 01/06/2014 um 23:18:04
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Devil - NEO
# Gestartet von : C:\Users\Devil\Desktop\Desktop\Trojaner-Board\adwcleaner_3.211.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : BCUService

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\invalidprefs.js
Datei Gefunden : C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\claro.xml
Datei Gefunden : C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\safesearch.xml
Datei Gefunden : C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\BrowserProtect
Datei Gefunden : C:\Windows\System32\Tasks\Dealply
Datei Gefunden : C:\Windows\System32\Tasks\DealPlyUpdate
Datei Gefunden : C:\Windows\System32\Tasks\EPUpdater
Datei Gefunden : C:\Windows\System32\Tasks\Express FilesUpdate
Datei Gefunden : C:\Windows\System32\Tasks\Software Updater
Datei Gefunden : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gefunden : C:\Windows\System32\Tasks\VisualBeeRecovery
Datei Gefunden : C:\Windows\System32\Tasks\YourFile DownloaderUpdate
Ordner Gefunden : C:\Program Files (x86)\1ClickDownload
Ordner Gefunden : C:\Program Files (x86)\BearShare Applications
Ordner Gefunden : C:\Program Files (x86)\Common Files\Tobit
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\DeviceVM
Ordner Gefunden : C:\Program Files (x86)\Surf Canyon
Ordner Gefunden : C:\ProgramData\apn
Ordner Gefunden : C:\ProgramData\Conduit
Ordner Gefunden : C:\ProgramData\DeviceVM
Ordner Gefunden : C:\ProgramData\PC Optimizer Pro
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\ProgramData\VisualBee
Ordner Gefunden : C:\Users\Administrator\AppData\Roaming\DeviceVM
Ordner Gefunden : C:\Users\Devil\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Devil\AppData\Local\DownloadGuide
Ordner Gefunden : C:\Users\Devil\AppData\Local\NativeMessaging
Ordner Gefunden : C:\Users\Devil\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Devil\AppData\Local\PutLockerDownloader
Ordner Gefunden : C:\Users\Devil\AppData\Local\Savings Vault
Ordner Gefunden : C:\Users\Devil\AppData\Local\SearchProtect
Ordner Gefunden : C:\Users\Devil\AppData\Local\Software_Updater
Ordner Gefunden : C:\Users\Devil\AppData\Local\SoftwareUpdater
Ordner Gefunden : C:\Users\Devil\AppData\Local\SwvUpdater
Ordner Gefunden : C:\Users\Devil\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Devil\AppData\LocalLow\GutscheinCodes
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\Claro LTD
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\DesktopIconForAmazon
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\DeviceVM
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\eIntaller
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\eType
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\ExpressFiles
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\Tobit
Ordner Gefunden : C:\Users\Devil\AppData\Roaming\YourFileDownloader
Ordner Gefunden : C:\Users\Devil\Documents\Optimizer Pro
Ordner Gefunden : C:\Windows\SysWOW64\hotspot shield

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\anchorfree
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Show-Password
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gefunden : HKCU\Software\BI
Schlüssel Gefunden : HKCU\Software\Claro LTD
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DeviceVM
Schlüssel Gefunden : HKCU\Software\ee8cddb66eba13
Schlüssel Gefunden : HKCU\Software\ExpressFiles
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gefunden : HKCU\Software\Imesh
Schlüssel Gefunden : HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\pc optimizer pro
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YourFileDownloader
Schlüssel Gefunden : [x64] HKCU\Software\anchorfree
Schlüssel Gefunden : [x64] HKCU\Software\BI
Schlüssel Gefunden : [x64] HKCU\Software\Claro LTD
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\DeviceVM
Schlüssel Gefunden : [x64] HKCU\Software\ExpressFiles
Schlüssel Gefunden : [x64] HKCU\Software\Imesh
Schlüssel Gefunden : [x64] HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\pc optimizer pro
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\YourFileDownloader
Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DeviceVM
Schlüssel Gefunden : HKLM\Software\ExpressFiles
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings-InternalInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings-InternalInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_asus-smart-doctor_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_asus-smart-doctor_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_monopoly-3_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_monopoly-3_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateveberGreat_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateveberGreat_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gefunden : HKLM\Software\SafetyNut
Schlüssel Gefunden : HKLM\Software\Uniblue
Schlüssel Gefunden : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gefunden : HKLM\Software\YourFileDownloader
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{928FE5E7-D557-46B7-8AF6-17ACCE1FB4ED}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Speedchecker Limited
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v21.0 (de)

[ Datei : C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js ]

Zeile gefunden : user_pref("CT3311336.FF19Solved", "true");
Zeile gefunden : user_pref("CT3311336.UserID", "UN18007227791151922");
Zeile gefunden : user_pref("CT3311336.browser.search.defaultthis.engineName", "true");
Zeile gefunden : user_pref("CT3311336.fullUserID", "UN18007227791151922.IN.20131210200430");
Zeile gefunden : user_pref("CT3311336.installDate", "10/12/2013 20:04:32");
Zeile gefunden : user_pref("CT3311336.installSessionId", "{F667FDEE-25CD-4308-ADBD-6014DFB579B2}");
Zeile gefunden : user_pref("CT3311336.installSp", "TRUE");
Zeile gefunden : user_pref("CT3311336.installUsage", "10/12/2013 20:14:35");
Zeile gefunden : user_pref("CT3311336.installUsageEarly", "10/12/2013 20:14:35");
Zeile gefunden : user_pref("CT3311336.installerVersion", "1.8.1.4");
Zeile gefunden : user_pref("CT3311336.keyword", "true");
Zeile gefunden : user_pref("CT3311336.originalHomepage", "about:home");
Zeile gefunden : user_pref("CT3311336.originalSearchAddressUrl", "");
Zeile gefunden : user_pref("CT3311336.originalSearchEngine", "");
Zeile gefunden : user_pref("CT3311336.originalSearchEngineName", "");
Zeile gefunden : user_pref("CT3311336.searchRevert", "true");
Zeile gefunden : user_pref("CT3311336.searchUninstallUserMode", "2");
Zeile gefunden : user_pref("CT3311336.searchUserMode", "2");
Zeile gefunden : user_pref("CT3311336.smartbar.homepage", "true");
Zeile gefunden : user_pref("CT3311336.toolbarInstallDate", "10-12-2013 20:04:30");
Zeile gefunden : user_pref("CT3311336.versionFromInstaller", "10.22.5.170");
Zeile gefunden : user_pref("CT3311336.xpeMode", "0");
Zeile gefunden : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gefunden : user_pref("browser.search.defaultenginename", "Freemium DE Customized Web Search");
Zeile gefunden : user_pref("browser.search.defaultthis.engineName", "Freemium DE Customized Web Search");
Zeile gefunden : user_pref("extensions.claro.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.claro.rvrt", "false");
Zeile gefunden : user_pref("extensions.claro_i.newTab", false);
Zeile gefunden : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
Zeile gefunden : user_pref("smartbar.addressBarOwnerCTID", "CT3311336");
Zeile gefunden : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311336&CUI=UN18007227791151922&UM=2&SearchSource=13&sspv=TB_TNI,hxxp://search.conduit.com/?ctid=CT3311336&CUI=UN1800722779[...]
Zeile gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN18007227791151922&UM=2&sspv=TB_TNI&q=,hxxp://search.conduit.com/Results[...]
Zeile gefunden : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311336");
Zeile gefunden : user_pref("smartbar.homePageOwnerCTID", "CT3311336");
Zeile gefunden : user_pref("smartbar.machineId", "X/ZAK1QGGBT7AB+KFCV61CSYOPO7UJC1ROYPISBVUJ7OSDHSHZ2EPTN2G3RAV0J1JHVULMVZQKGTXEVMO06CWQ");
Zeile gefunden : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3311336&CUI=UN18007227791151922&UM=2&SearchSource=13&sspv=TB_CNI");

-\\ Google Chrome v

[ Datei : C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
Gefunden [Extension] : jbpkiefagocgkmemidfngdkamloieekf
Gefunden [Extension] : kiplfnciaokpcennlkldkdaeaaomamof
Gefunden [Extension] : pmlghpafmmnmmkjdhacccolfgnkiboco

*************************

AdwCleaner[R0].txt - [23397 octets] - [01/06/2014 23:18:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [23458 octets] ##########
         
Finally, I ran "Farbar's Recovery Scan Tool" once more and got the FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Devil (administrator) on NEO on 01-06-2014 23:53:07
Running from C:\Users\Devil\Desktop\Desktop\Trojaner-Board
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrDba.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrSaz.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrAuf.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Devil\Desktop\Desktop\Trojaner-Board\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1033395003-4163772576-2144622384-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {A1DABF90-F83C-4a5a-8000-514E06654FA7} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKCU - {C3EA6126-6E4F-4d88-978E-291625E6B2A1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - D:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Devil\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Devil\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\Extensions\admin@proxy-listen.de.xpi [2013-02-12]
FF Extension: Adblock Plus - C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-14]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: https://www.google.de/
CHR StartupUrls: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (phonostar Detector) - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
CHR Plugin: (Google Update) - C:\Users\Devil\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (ProxFlow) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-28]
CHR Extension: (AdBlock) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-28]
CHR Extension: (Google Wallet) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKCU\...\Chrome\Extension: [jopemfhojpebdeollanchfjhpbkcijoi] - C:\Users\Devil\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx [2013-12-10]
CHR HKLM-x32\...\Chrome\Extension: [jopemfhojpebdeollanchfjhpbkcijoi] - C:\Users\Devil\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx [2013-12-10]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-24]
CHR HKLM-x32\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files (x86)\SockshareDownloader\SockshareDownloader10.crx [2014-05-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 LcSvrAdm; D:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-12-06] (Volkswagen AG)
R3 LcSvrAuf; D:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG)
R2 LcSvrDba; D:\ElsaWin\bin\LcSvrDba.exe [392704 2011-12-06] (Volkswagen AG)
R2 LcSvrHis; D:\ElsaWin\bin\LcSvrHis.exe [335360 2011-12-06] (Volkswagen AG)
R2 LcSvrPAS; D:\ElsaWin\bin\LcSvrPas.exe [477696 2011-12-06] (Volkswagen AG)
R2 LcSvrSaz; D:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-12-06] (Volkswagen AG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-10-29] ()
S4 S3DSvc32; C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [360960 2010-10-25] (iZ3D Inc.)
S4 S3DSvc64; C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [480768 2010-10-25] (iZ3D Inc.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [63872 2006-10-29] (Broadcom Corporation.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-05-29] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140530.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 iZ3DInjectionDriver; C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [43704 2010-10-06] ()
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140531.004\ENG64.SYS [126040 2014-04-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140531.004\EX64.SYS [2099288 2014-04-29] (Symantec Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-24] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 usbaudio; C:\Windows\SysWOW64\drivers\usbaudio.sys [39840 1998-08-21] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [53960 2011-01-13] (usb camera)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 zonescreen; C:\Windows\System32\DRIVERS\zsport.sys [12024 2010-10-31] (ZoneOS)
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S3 btwhid; system32\DRIVERS\btwhid.sys [X]
S3 btwmodem; system32\DRIVERS\btwmodem.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 EIO64; system32\DRIVERS\EIO64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 23:34 - 2014-06-01 23:34 - 00005126 _____ () C:\Users\Devil\Desktop\JRT.txt
2014-06-01 23:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-01 22:51 - 2014-06-01 23:26 - 00000000 ____D () C:\AdwCleaner
2014-06-01 22:37 - 2014-06-01 22:37 - 00029503 _____ () C:\mbam.txt
2014-06-01 22:18 - 2014-06-01 23:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 22:18 - 2014-06-01 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-01 22:18 - 2014-06-01 22:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-01 22:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-01 22:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-01 22:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-31 23:05 - 2014-05-31 23:15 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\MAGIX
2014-05-31 22:59 - 2014-05-31 22:59 - 00000000 ____D () C:\Users\Devil\Documents\MAGIX_MusicEditor
2014-05-31 22:58 - 2014-05-31 23:06 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-31 22:58 - 2014-05-31 23:05 - 00000000 ___RD () C:\Users\Devil\Documents\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-31 21:13 - 2014-05-31 21:13 - 00025994 _____ () C:\ComboFix.txt
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\dub_cm_auto\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-05-31 21:00 - 2014-06-01 23:41 - 00031682 _____ () C:\Windows\PFRO.log
2014-05-31 20:46 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-31 20:46 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-31 20:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-31 20:41 - 2014-05-31 21:13 - 00000000 ____D () C:\Qoobox
2014-05-31 20:41 - 2014-05-31 21:11 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 20:26 - 2014-05-31 20:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-30 20:56 - 2014-05-30 20:58 - 00000000 ____D () C:\Users\Devil\kratzer
2014-05-29 23:26 - 2014-05-29 23:26 - 00018473 _____ () C:\Windows\DirectX.log
2014-05-29 16:46 - 2014-05-29 16:54 - 00000000 ____D () C:\Users\Devil\UNI
2014-05-29 15:27 - 2014-05-29 15:27 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-05-28 20:10 - 2014-06-01 23:53 - 00000000 ____D () C:\FRST
2014-05-28 19:59 - 2014-06-01 23:44 - 00011009 _____ () C:\Windows\setupact.log
2014-05-28 19:59 - 2014-05-28 19:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 19:58 - 2014-05-28 19:58 - 00000188 _____ () C:\Users\Devil\defogger_reenable
2014-05-27 23:20 - 2014-05-27 23:20 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 23:17 - 2014-05-27 23:17 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201405272317260220.log
2014-05-27 23:17 - 2014-05-27 23:17 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-27 23:14 - 2014-05-27 23:14 - 00000000 ____D () C:\Program Files\AMD
2014-05-27 23:13 - 2014-04-18 04:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-05-27 23:13 - 2014-04-18 04:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-05-27 23:13 - 2014-04-18 04:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-05-27 23:13 - 2014-04-18 04:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 08010968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 07520200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 06799688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 00117584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 00099520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-05-27 23:13 - 2014-04-18 04:39 - 00274656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-05-27 23:13 - 2014-04-18 04:36 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-05-27 23:13 - 2014-04-18 04:23 - 00231424 _____ () C:\Windows\system32\clinfo.exe
2014-05-27 23:13 - 2014-04-18 04:22 - 28685824 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-05-27 23:13 - 2014-04-18 04:17 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-27 23:13 - 2014-04-18 04:13 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-05-27 23:13 - 2014-04-18 04:13 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-05-27 23:13 - 2014-04-18 04:12 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-05-27 23:13 - 2014-04-18 04:12 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-05-27 23:13 - 2014-04-18 03:58 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-05-27 23:13 - 2014-04-18 03:51 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00580816 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-05-27 23:13 - 2014-04-18 03:46 - 00580816 _____ () C:\Windows\system32\atiapfxx.blb
2014-05-27 23:13 - 2014-04-18 03:46 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-05-27 23:13 - 2014-04-18 03:46 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-05-27 23:13 - 2014-04-18 03:45 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-05-27 23:13 - 2014-04-18 03:45 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-05-27 23:13 - 2014-04-18 03:42 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-05-27 23:13 - 2014-04-18 03:33 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-05-27 23:13 - 2014-04-18 03:33 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-05-27 23:13 - 2014-04-18 03:30 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-05-27 23:13 - 2014-04-18 03:30 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-05-27 23:13 - 2014-04-18 03:29 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-05-27 23:13 - 2014-04-18 03:29 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-05-27 23:13 - 2014-04-18 03:28 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-05-27 23:13 - 2014-04-18 03:28 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-05-27 23:13 - 2014-04-18 03:21 - 00806912 _____ (AMD) C:\Windows\system32\coinst_14.100.dll
2014-05-27 23:13 - 2014-04-18 03:17 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-05-27 23:13 - 2014-04-18 03:09 - 01177600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-05-27 23:13 - 2014-04-18 03:07 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-05-27 23:13 - 2014-04-18 03:04 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-05-27 23:13 - 2014-04-10 19:58 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-05-27 23:13 - 2014-04-01 00:06 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-05-27 23:13 - 2014-04-01 00:04 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-05-27 23:13 - 2014-02-06 17:45 - 00134192 _____ () C:\Windows\system32\ativce03.dat
2014-05-27 23:13 - 2014-01-16 19:00 - 00273712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-05-27 23:13 - 2014-01-16 18:59 - 00275124 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-05-27 23:13 - 2014-01-16 10:34 - 00723841 _____ () C:\Windows\system32\atiicdxx.dat
2014-05-27 23:13 - 2013-12-19 18:45 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-05-27 23:13 - 2013-12-19 18:44 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Sapphire TRIXX
2014-05-27 22:45 - 2014-05-27 22:46 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-27 22:45 - 2014-05-27 22:45 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-05-27 21:20 - 2014-05-27 21:20 - 00000007 _____ () C:\Users\Devil\SeatPW.txt
2014-05-25 11:09 - 2014-05-25 11:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL8FB2.tmp
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL7FE8.tmp
2014-05-16 23:35 - 2014-05-16 23:35 - 00000130 _____ () C:\Users\Devil\Documents\Jochen TT.txt
2014-05-12 21:43 - 2014-05-12 21:43 - 00030208 _____ () C:\devdll.dll
2014-05-10 11:13 - 2014-05-10 11:13 - 00007595 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.cl
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.log
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75AC.tmp
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL756D.tmp
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-05-05 22:25 - 2014-05-06 18:41 - 00000000 ____D () C:\Users\Devil\AppData\Local\Akamai
2014-05-05 22:25 - 2014-05-05 22:25 - 00000000 ____D () C:\AeriaGames
2014-05-04 00:21 - 2014-05-16 19:57 - 00000603 _____ () C:\Users\Devil\Documents\SeatTeile.txt
2014-05-02 19:58 - 2014-05-02 19:58 - 00000044 _____ () C:\Users\Devil\Documents\RalfKonto1.txt

==================== One Month Modified Files and Folders =======

2056-04-24 22:17 - 2014-03-25 23:02 - 00004096 _____ () C:\Users\Public\Documents\0000319C.LCS
2056-04-24 22:17 - 2014-03-25 23:00 - 00000000 ____D () C:\WDIGIPET
2015-08-01 19:43 - 2014-03-26 00:14 - 00000368 _____ () C:\Users\Devil\Documents\ax_files.xml
2015-08-01 19:43 - 2013-10-27 20:58 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{72B68498-F2A6-46D9-BBFA-FB3ABA89363F}
2014-06-01 23:53 - 2014-05-28 20:10 - 00000000 ____D () C:\FRST
2014-06-01 23:53 - 2013-04-20 18:20 - 00000000 ____D () C:\Users\Devil\AppData\Local\Temp
2014-06-01 23:47 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 23:47 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 23:46 - 2012-08-26 16:38 - 01826476 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 23:45 - 2014-06-01 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 23:44 - 2014-05-28 19:59 - 00011009 _____ () C:\Windows\setupact.log
2014-06-01 23:42 - 2014-04-25 22:24 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 23:42 - 2014-02-20 23:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-01 23:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 23:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-06-01 23:41 - 2014-05-31 21:00 - 00031682 _____ () C:\Windows\PFRO.log
2014-06-01 23:37 - 2012-10-20 13:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 23:36 - 2014-04-25 22:24 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 23:34 - 2014-06-01 23:34 - 00005126 _____ () C:\Users\Devil\Desktop\JRT.txt
2014-06-01 23:26 - 2014-06-01 22:51 - 00000000 ____D () C:\AdwCleaner
2014-06-01 23:24 - 2012-08-26 19:37 - 00000000 ____D () C:\Users\Devil\AppData\Local\CrashDumps
2014-06-01 23:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-06-01 22:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-06-01 22:37 - 2014-06-01 22:37 - 00029503 _____ () C:\mbam.txt
2014-06-01 22:25 - 2012-08-26 20:07 - 00000000 ___RD () C:\Users\Devil\Desktop\Programme
2014-06-01 22:18 - 2014-06-01 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-01 22:18 - 2014-06-01 22:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-01 22:18 - 2013-12-12 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 21:41 - 2012-09-27 15:39 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000UA.job
2014-06-01 21:33 - 2009-07-14 06:45 - 03142656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-31 23:24 - 2012-08-26 17:15 - 00158720 _____ () C:\Users\Devil\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-31 23:15 - 2014-05-31 23:05 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\MAGIX
2014-05-31 23:06 - 2014-05-31 22:58 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-31 23:05 - 2014-05-31 22:58 - 00000000 ___RD () C:\Users\Devil\Documents\MAGIX
2014-05-31 22:59 - 2014-05-31 22:59 - 00000000 ____D () C:\Users\Devil\Documents\MAGIX_MusicEditor
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-31 22:58 - 2014-04-26 17:53 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-31 22:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-05-31 22:13 - 2013-02-11 00:36 - 00000000 ____D () C:\Users\Devil\Hitfaker
2014-05-31 22:13 - 2012-12-03 19:07 - 00000000 ____D () C:\Users\Devil\Schule
2014-05-31 22:13 - 2012-08-26 16:47 - 00000000 ____D () C:\Users\Devil
2014-05-31 22:12 - 2012-08-30 23:10 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\vlc
2014-05-31 21:13 - 2014-05-31 21:13 - 00025994 _____ () C:\ComboFix.txt
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\dub_cm_auto\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 20:41 - 00000000 ____D () C:\Qoobox
2014-05-31 21:13 - 2014-04-22 21:07 - 00000000 ____D () C:\Users\dub_cm_auto
2014-05-31 21:11 - 2014-05-31 20:41 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 21:01 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-31 20:59 - 2009-07-14 04:34 - 97517568 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-31 20:59 - 2009-07-14 04:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-31 20:59 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-31 20:59 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-31 20:59 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-31 20:26 - 2014-05-31 20:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-30 23:26 - 2012-08-26 20:07 - 00000000 ___RD () C:\Users\Devil\Desktop\Games
2014-05-30 21:18 - 2009-08-25 20:32 - 00666448 _____ () C:\Windows\system32\perfh01D.dat
2014-05-30 21:18 - 2009-08-25 20:32 - 00147772 _____ () C:\Windows\system32\perfc01D.dat
2014-05-30 21:18 - 2009-08-25 19:41 - 00728092 _____ () C:\Windows\system32\perfh019.dat
2014-05-30 21:18 - 2009-08-25 19:41 - 00156268 _____ () C:\Windows\system32\perfc019.dat
2014-05-30 21:18 - 2009-08-25 19:33 - 00747838 _____ () C:\Windows\system32\perfh013.dat
2014-05-30 21:18 - 2009-08-25 19:33 - 00158702 _____ () C:\Windows\system32\perfc013.dat
2014-05-30 21:18 - 2009-08-25 19:25 - 00497186 _____ () C:\Windows\system32\perfh014.dat
2014-05-30 21:18 - 2009-08-25 19:25 - 00100410 _____ () C:\Windows\system32\perfc014.dat
2014-05-30 21:18 - 2009-08-25 19:18 - 00744652 _____ () C:\Windows\system32\perfh010.dat
2014-05-30 21:18 - 2009-08-25 19:18 - 00152658 _____ () C:\Windows\system32\perfc010.dat
2014-05-30 21:18 - 2009-08-25 19:09 - 00749858 _____ () C:\Windows\system32\perfh00C.dat
2014-05-30 21:18 - 2009-08-25 19:09 - 00155216 _____ () C:\Windows\system32\perfc00C.dat
2014-05-30 21:18 - 2009-08-25 19:01 - 00484696 _____ () C:\Windows\system32\perfh00B.dat
2014-05-30 21:18 - 2009-08-25 19:01 - 00107284 _____ () C:\Windows\system32\perfc00B.dat
2014-05-30 21:18 - 2009-08-25 18:54 - 00749602 _____ () C:\Windows\system32\perfh00A.dat
2014-05-30 21:18 - 2009-08-25 18:54 - 00164930 _____ () C:\Windows\system32\perfc00A.dat
2014-05-30 21:18 - 2009-08-25 18:46 - 00712886 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 21:18 - 2009-08-25 18:46 - 00155216 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 21:18 - 2009-08-25 18:38 - 00512432 _____ () C:\Windows\system32\perfh006.dat
2014-05-30 21:18 - 2009-08-25 18:38 - 00104394 _____ () C:\Windows\system32\perfc006.dat
2014-05-30 21:18 - 2009-07-14 07:13 - 08781340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 20:58 - 2014-05-30 20:56 - 00000000 ____D () C:\Users\Devil\kratzer
2014-05-30 17:22 - 2013-12-31 18:49 - 00000000 ____D () C:\Windows\system32\Drivers\etc\SK
2014-05-29 23:42 - 2012-12-10 17:26 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-29 23:42 - 2012-08-28 19:04 - 00000000 ____D () C:\Users\Devil\Documents\My Games
2014-05-29 23:27 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-29 23:26 - 2014-05-29 23:26 - 00018473 _____ () C:\Windows\DirectX.log
2014-05-29 19:41 - 2012-09-27 15:39 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000Core.job
2014-05-29 16:54 - 2014-05-29 16:46 - 00000000 ____D () C:\Users\Devil\UNI
2014-05-29 16:39 - 2012-12-18 20:56 - 00000000 ____D () C:\Users\Devil\.gimp-2.8
2014-05-29 16:27 - 2013-04-25 15:17 - 00000056 _____ () C:\Windows\Acroread.ini
2014-05-29 16:25 - 2013-04-24 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsaWin
2014-05-29 16:25 - 2013-04-24 21:56 - 00000344 _____ () C:\Windows\ODBC.INI
2014-05-29 15:27 - 2014-05-29 15:27 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-05-29 15:27 - 2012-11-15 20:52 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-29 15:27 - 2012-08-26 20:24 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\DAEMON Tools Lite
2014-05-28 20:19 - 2012-09-07 18:37 - 00000000 ____D () C:\Windows\pss
2014-05-28 19:59 - 2014-05-28 19:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 19:58 - 2014-05-28 19:58 - 00000188 _____ () C:\Users\Devil\defogger_reenable
2014-05-27 23:38 - 2012-09-12 20:18 - 00524288 ___SH () C:\Users\Devil\Thumbs.db
2014-05-27 23:20 - 2014-05-27 23:20 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 23:20 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 23:17 - 2014-05-27 23:17 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201405272317260220.log
2014-05-27 23:17 - 2014-05-27 23:17 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-27 23:17 - 2012-08-26 17:19 - 00000000 ____D () C:\ProgramData\AMD
2014-05-27 23:16 - 2012-08-26 17:17 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-27 23:14 - 2014-05-27 23:14 - 00000000 ____D () C:\Program Files\AMD
2014-05-27 23:08 - 2014-04-29 20:00 - 00000000 ____D () C:\Users\Devil\GLUCOFACTS Deluxe
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Sapphire TRIXX
2014-05-27 22:48 - 2012-09-07 18:45 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-27 22:46 - 2014-05-27 22:45 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-27 22:45 - 2014-05-27 22:45 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-05-27 21:20 - 2014-05-27 21:20 - 00000007 _____ () C:\Users\Devil\SeatPW.txt
2014-05-27 17:52 - 2012-08-26 22:39 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-05-27 13:31 - 2013-07-31 19:06 - 00000000 ___RD () C:\Users\Devil\Desktop\Software
2014-05-27 01:29 - 2014-02-15 21:37 - 00000000 ____D () C:\Program Files (x86)\Bridge Building Game
2014-05-25 11:09 - 2014-05-25 11:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL8FB2.tmp
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL7FE8.tmp
2014-05-24 23:24 - 2014-03-29 19:59 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-24 23:24 - 2013-11-14 20:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-24 23:24 - 2013-04-23 18:54 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-23 22:16 - 2012-11-07 20:16 - 05581312 ___SH () C:\Users\Devil\Desktop\Thumbs.db
2014-05-23 17:13 - 2013-07-15 19:39 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-23 17:13 - 2012-08-30 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-23 17:12 - 2012-08-30 22:06 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\DVDVideoSoft
2014-05-16 23:35 - 2014-05-16 23:35 - 00000130 _____ () C:\Users\Devil\Documents\Jochen TT.txt
2014-05-16 19:57 - 2014-05-04 00:21 - 00000603 _____ () C:\Users\Devil\Documents\SeatTeile.txt
2014-05-12 21:43 - 2014-05-12 21:43 - 00030208 _____ () C:\devdll.dll
2014-05-12 07:26 - 2014-06-01 22:18 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-01 22:18 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-01 22:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 11:13 - 2014-05-10 11:13 - 00007595 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.cl
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.log
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75AC.tmp
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL756D.tmp
2014-05-08 19:36 - 2012-09-27 15:39 - 00004094 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000UA
2014-05-08 19:36 - 2012-09-27 15:39 - 00003698 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000Core
2014-05-06 18:41 - 2014-05-05 22:25 - 00000000 ____D () C:\Users\Devil\AppData\Local\Akamai
2014-05-06 18:34 - 2014-04-28 22:16 - 00000000 ____D () C:\Keule306
2014-05-06 17:31 - 2014-04-25 22:24 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 17:31 - 2014-04-25 22:24 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 22:46 - 2013-01-21 18:32 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-05-05 22:25 - 2014-05-05 22:25 - 00000000 ____D () C:\AeriaGames
2014-05-02 19:58 - 2014-05-02 19:58 - 00000044 _____ () C:\Users\Devil\Documents\RalfKonto1.txt

Files to move or delete:
====================
C:\Users\Devil\AppData\Roaming\CamLayout.ini
C:\Users\Devil\AppData\Roaming\CamShapes.ini
C:\Users\Devil\scroll_app_smart_4.00.33.exe
C:\Users\Devil\setpoint6.61.15_64.exe
C:\Users\Devil\WhiteCap_505_Platinum.exe
C:\Users\Devil\AppData\Roaming\Origin\update.vbe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-24 22:22

==================== End Of Log ============================
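
One way to pre-sort the "One Month Created/Modified" listings of an FRST log like the one above before reading them line by line (an added example, not part of the original post and not FRST's own code). It assumes the line layout visible in this log; the function names, the two heuristics and the scan time (taken from the modification time of C:\FRST in the listing) are choices made for this example. A hit is a reason to look closer, not a verdict.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

TS_FMT = "%Y-%m-%d %H:%M"
BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}

# Layout seen in this log:
#   <timestamp> - <timestamp> - <size> <5 attribute chars> (<company>) <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([_A-Z]{5}) \((.*?)\) ([A-Za-z]:\\.*)$"
)

# Sample input: lines copied from the log above, plus one section header
# to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2056-04-24 22:17 - 2014-03-25 23:02 - 00004096 _____ () C:\Users\Public\Documents\0000319C.LCS
2056-04-24 22:17 - 2014-03-25 23:00 - 00000000 ____D () C:\WDIGIPET
2015-08-01 19:43 - 2014-03-26 00:14 - 00000368 _____ () C:\Users\Devil\Documents\ax_files.xml
2014-06-01 23:53 - 2014-05-28 20:10 - 00000000 ____D () C:\FRST
2014-05-27 23:13 - 2014-04-18 04:36 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-05-12 21:43 - 2014-05-12 21:43 - 00030208 _____ () C:\devdll.dll
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\Program Files (x86)\MAGIX
"""

# Assumption: the scan ran when C:\FRST was last modified.
SCAN_TIME = datetime(2014, 6, 1, 23, 53)


def parse_line(line):
    """Return one listing entry as a dict, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    first, second, size, attrs, company, path = m.groups()
    return {
        "first": datetime.strptime(first, TS_FMT),
        "second": datetime.strptime(second, TS_FMT),
        "size": int(size),
        "is_dir": "D" in attrs,
        "company": company.strip(),
        "path": path,
    }


def triage(log_text, scan_time):
    """Return (path, reason) pairs for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        path = PureWindowsPath(entry["path"])
        # A timestamp after the scan itself means a wrong clock at write
        # time or an altered timestamp; either way the date cannot be
        # trusted when building a timeline.
        if max(entry["first"], entry["second"]) > scan_time:
            findings.append((entry["path"], "timestamp later than scan time"))
        # Binaries placed directly in a drive root with an empty company
        # field are unusual for installed software.
        if (
            not entry["is_dir"]
            and path.suffix.lower() in BINARY_EXT
            and not entry["company"]
            and len(path.parts) == 2
        ):
            findings.append((entry["path"], "binary in drive root without company name"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{reason}: {path}")
```
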
         

02.06.2014, 19:02   #10
schrauber
/// the machine
/// TB trainer
 




Have AdwCleaner do the deletion as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

03.06.2014, 16:17   #11
SilentDeath
 



Hello,

I tried to have "AdwCleaner" do the deletion. Unfortunately, the program crashed every time during deletion. It took a while before I realised that I have to close my browser when I let "AdwCleaner" work.

I ran the program once more, let it delete, and got the following log:

AdwCleaner:

Code:
ATTFilter
# AdwCleaner v3.211 - Bericht erstellt am 02/06/2014 um 21:41:01
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Devil - NEO
# Gestartet von : D:\Downloads\adwcleaner_3.211 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v21.0 (de)

[ Datei : C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [23783 octets] - [01/06/2014 23:18:04]
AdwCleaner[R1].txt - [1057 octets] - [01/06/2014 23:24:48]
AdwCleaner[R2].txt - [1118 octets] - [01/06/2014 23:26:14]
AdwCleaner[R3].txt - [1178 octets] - [02/06/2014 21:37:54]
AdwCleaner[R4].txt - [1270 octets] - [02/06/2014 21:40:02]
AdwCleaner[S0].txt - [22622 octets] - [01/06/2014 23:24:20]
AdwCleaner[S1].txt - [1240 octets] - [02/06/2014 21:38:41]
AdwCleaner[S2].txt - [1191 octets] - [02/06/2014 21:41:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1251 octets] ##########
         
After that, as described, I ran the program "ESET" and followed the instructions exactly, step by step.
(The scan took a whopping 12 hours for me.)
At the end, as described, I opened the path and looked for the log file, but unfortunately nothing was there. (I have uploaded a picture of the ESET folder as an attachment.)
Fortunately, I had clicked "Save as .txt" beforehand and got the following:

ESET:

Code:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir	Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir	Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir	Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung
C:\AdwCleaner\Quarantine\C\Users\Devil\AppData\Local\Conduit\Chrome\CT3311336\CHUninstaller.exe.vir	Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Devil\AppData\Local\NativeMessaging\CT3311336\1_0_0_6\TBMessagingHost.exe.vir	Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Devil\AppData\Roaming\eIntaller\ECFEAA45192349809BEBFAC7CA8D8DDF\eXQ.exe.vir	Variante von Win32/ELEX.D evtl. unerwünschte Anwendung
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\setup.exe	MSIL/TrojanClicker.Agent.NBH Trojaner
C:\Program Files (x86)\LucasArts\Republic Heroes\RepublicHeroesLauncher.exe	Win32/HackTool.Crack.BC potenziell unsichere Anwendung
C:\Users\Devil\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx	Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung
C:\Users\Devil\AppData\Local\Temp\tmpFA19.exe	Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\Devil\AppData\Roaming\Origin\update.vbe	VBS/CoinMiner.AD Trojaner
C:\Users\Devil\Desktop\Desktop\Alcohol\Alcohol 120% 2.0.2 Build 5830 Retail\Alcohol120_retail_2.0.2.5830.exe	Win32/SmartFileAdvisor.B evtl. unerwünschte Anwendung
C:\Users\Devil\Desktop\Desktop\NFSWhack\Neuer Ordner6\CE Installer\CheatEngine63.exe	Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\BoneTown v1.1.1 + 14 Trainer.exe	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\Ex_NFS Underground 1.4.exe	Variante von Win32/GameHack.HH potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\ins-cs16.exe	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\Sniper-Ghost Warrior 2 +9TrainerByAfterMan.EXE	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\Star Wars - The Force Unleashed 2 (1.0.0.0) + 5 Trainer.exe	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\Star Wars The Force Unleashed 2 Trainer.EXE	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\Yu-Gi-Oh! Power of Chaos - Kaiba the Revenge Trainer +5.exe	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\Yu-Gi-Oh! Power of Chaos Joey the Passion Trainer +5.exe	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\LaNanov11.1\KMSnano.exe	Variante von MSIL/HackTool.IdleKMS.A potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\LaNanov11.1\KMSnano\KMSELDI.exe	Variante von MSIL/HackTool.IdleKMS.A potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\lotr\The Battle for Middle-earth  II.exe	Variante von Win32/GameHack.HH potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\lotr\The Lord of the Rings, The Rise of the Witch-king.exe	Variante von Win32/GameHack.HH potenziell unsichere Anwendung
C:\Users\Devil\Desktop\Software\Motogp\trainer.exe	Variante von Win32/GameHack.G potenziell unsichere Anwendung
C:\Users\Devil\Downloads\Neuer Ordner (3)\Downloads\avira_free_antivirus_de_13.0.0.2688.exe	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
D:\Dateien\Eigene Dateien\AppData\Local\Babylon\Setup\Setup.exe	Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung
D:\Dateien\Eigene Dateien\AppData\Local\Conduit\CT1060933\FreecorderAutoUpdateHelper.exe	Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung
D:\Dateien\Eigene Dateien\AppData\LocalLow\Freecorder\ldrtbFree.dll	Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
D:\Dateien\Eigene Dateien\AppData\LocalLow\Freecorder\tbFree.dll	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
D:\Dateien\Eigene Dateien\AppData\LocalLow\Freecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll	Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
D:\Dateien\Eigene Dateien 2\Devil\AppData\Roaming\OpenCandy\OpenCandy_06D251393403426382098FF0599296F5\LatestDLMgr.exe	Variante von Win32/OpenCandy.A potenziell unsichere Anwendung
D:\Downloads\7ZipSetup-d56hlzZ.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\7ZipSetup-fFRA0fH.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\7zip_RocketFuelInstaller.exe	Variante von Win32/Verti.B evtl. unerwünschte Anwendung
D:\Downloads\854SKIDROWCRACK.rar	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Downloads\984189564.part11.rar.exe	Win32/InstalleRex.J evtl. unerwünschte Anwendung
D:\Downloads\Babylon10_setup.exe	Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung
D:\Downloads\blur-ch.zip	Variante von Win32/GameHack.F potenziell unsichere Anwendung
D:\Downloads\cavefrenzy_d3421513.exe	Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung
D:\Downloads\ccsetup320.exe	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
D:\Downloads\ccsetup324 (1).exe	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
D:\Downloads\ccsetup324.exe	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
D:\Downloads\ccsetup325.exe	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
D:\Downloads\ccsetup409.exe	Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
D:\Downloads\cdbxp_setup_4.3.8.2568.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\Cheat Engine - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
D:\Downloads\CheatEngine.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\CheatEngine62 (1).exe	Variante von Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\CheatEngine62.exe	Variante von Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\COMPUTER_BILD-Download-Manager_fuer_FreeAVIVideoConverter.exe	Variante von Win32/InstallCore.JW evtl. unerwünschte Anwendung
D:\Downloads\CoolPic_mg_33513003 (1).exe	Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung
D:\Downloads\CoolPic_mg_33513003.exe	Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung
D:\Downloads\CoolPic_mg_35446503.exe	Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung
D:\Downloads\CrystalDiskInfo6_0_4-en.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\Darksiders_Wrath_Of_War_Darkorbit.exe	Win32/Adware.1ClickDownload.G Anwendung
D:\Downloads\DE_FreePDFperfect.exe	Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung
D:\Downloads\DiaShowYouTube7711Setup.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\DivX_Reloaded_4.7.exe	Variante von Win32/LoadTubes.A evtl. unerwünschte Anwendung
D:\Downloads\Doppelkopf_Xxl_3.1.0.3029_downloader_133 (1).exe	Variante von Win32/YourFileDownloader evtl. unerwünschte Anwendung
D:\Downloads\doppelkopf_xxl_3.1.0.3029_downloader_133.exe	Variante von Win32/YourFileDownloader evtl. unerwünschte Anwendung
D:\Downloads\DTLite4461-0327.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\DTLite4471-0333.exe	Win32/DownWare.L evtl. unerwünschte Anwendung
D:\Downloads\DVDStyler-2.2-win32.exe	Win32/DownWare.W evtl. unerwünschte Anwendung
D:\Downloads\DVDStyler-2.6.1-win32.exe	Win32/Somoto.E evtl. unerwünschte Anwendung
D:\Downloads\ENSLAVED Odyssey to the West Premium Edition V1.0 Trainer +3 MrAntiFun.rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\etypesetup (1).exe	Variante von Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\etypesetup (2).exe	Variante von Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\etypesetup.exe	Variante von Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\exe	Win32/InstalleRex.I evtl. unerwünschte Anwendung
D:\Downloads\FAR.CRY.3.PLUS4TRN.GIR489.ZIP	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\finaltorrent_2.exe	Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung
D:\Downloads\FlashPlayer_11.3.dl.exe	Win32/AdWare.Lollipop.S Anwendung
D:\Downloads\flvmplayer (1).exe	MSIL/Solimba.H evtl. unerwünschte Anwendung
D:\Downloads\flvmplayer.exe	MSIL/Solimba.H evtl. unerwünschte Anwendung
D:\Downloads\FLVPlayerSetup-5oSUJ7H.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\FLVPlayerSetup-6XS99hT.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\Free3GPVideoConverter_5024430.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeAudioConverterSetup-9AxX4K7.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\FreeAVIVideoConverter.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\freefileviewer_2.exe	Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung
D:\Downloads\FreemakeVideoConverterSetup.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreemakeVideoDownloaderSetup.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeStudio.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeVideoDub2.0.22.925.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeVideoToFlashConverter5.0.32.1230.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeVideoToMP3Converter_5.0.17.825.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeDownload (1).exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeYouTubeDownload-3.2.20.1230.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeYouTubeDownload325.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeYouTubeDownload_3.1.34.825.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeDownload_3.1.42.1212.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeDownload_3.2.1.320 (1).exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeDownload_3.2.1.320.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeDownload_3.2.2.430.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeYouTubeToMP3Converter (1).exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeYouTubeToMP3Converter (2).exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeYouTubeToMP3Converter (3).exe	Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeToMP3Converter (4).exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeYouTubetoMP3Converter.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeToMP3Converter_3.11.29.825.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeToMP3Converter_3.12.1.320.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeToMP3Converter_3.12.2.430.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\frostwire-5.3.4.windows.exe	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
D:\Downloads\FtlEs BFME2 Plus 3 Trn.zip	Variante von Win32/GameHack.HH potenziell unsichere Anwendung
D:\Downloads\gghz-ascrd3v1.01trn.zip	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\gghz-fc3dx11v1.01trn.zip	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\gghz-flctr.rar	Variante von Win32/GameHack.HH potenziell unsichere Anwendung
D:\Downloads\gghz-koarv1.0.0.2trn (1).rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\gghz-koarv1.0.0.2trn.rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\GoPlayer.exe	Variante von Win32/ELEX.C evtl. unerwünschte Anwendung
D:\Downloads\HijackThis - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
D:\Downloads\Hitman Absolution v1.0 plus 5 Trainer - CH.zip	möglicherweise Variante von Win32/GameHack.BE potenziell unsichere Anwendung
D:\Downloads\Ichi_The_Killer_German_2001_DVDRip_LD_xVCD.exe	Win32/Adware.1ClickDownload.G Anwendung
D:\Downloads\iLividSetup (1).exe	Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung
D:\Downloads\iLividSetup (2).exe	Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung
D:\Downloads\ins-cs16.zip	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
D:\Downloads\installtomsdokodemo-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
D:\Downloads\LaNanov11.1.rar	Variante von MSIL/HackTool.IdleKMS.A potenziell unsichere Anwendung
D:\Downloads\Leiterspiel-Downloader.exe	Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung
D:\Downloads\maxp3.7z	Variante von Win32/Packed.VMProtect.AAH Trojaner
D:\Downloads\MaxPayneTrn+4.rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\megatorrents_org_p4874954.exe	Variante von Win32/LoadMoney.D evtl. unerwünschte Anwendung
D:\Downloads\MotoGP_13_TRAINER.rar_downloader_de_99280.exe	Variante von Win32/ExpressFiles.B evtl. unerwünschte Anwendung
D:\Downloads\mscomctlocxupdater.exe	Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung
D:\Downloads\MSI Afterburner - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
D:\Downloads\nfsw_trainer_by_keule306_ce.zip	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\No23Recorder.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
D:\Downloads\OnlineWeatherSetup-2mIV1hG.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\OnlineWeatherSetup-535UsJs.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\OnlineWeatherSetup-9DaDcF8.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\OpenOffice - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
D:\Downloads\PacmanSDM.exe	Variante von Win32/SweetIM.I evtl. unerwünschte Anwendung
D:\Downloads\Prince_of_Persia_The_Forgotten_Sands_Trainer.rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\PROMOWatchDogs_All_Versions_TRN-dEVIATED.rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\PS3 Emulator 1.9.4.rar	Variante von MSIL/Hoax.Emulator.A Anwendung
D:\Downloads\PSeMu3 (1).zip	Variante von MSIL/Hoax.Agent.NAE Anwendung
D:\Downloads\PSeMu3.zip	Variante von MSIL/Hoax.Agent.NAE Anwendung
D:\Downloads\rld-baaroru3.7z	Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung
D:\Downloads\rld-rlegends.7z	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Downloads\rld-saints4.7z	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Downloads\Serial_Box_03-2012_MACOSX_downloader_407.exe	Variante von Win32/YourFileDownloader evtl. unerwünschte Anwendung
D:\Downloads\setup (1).exe	Win32/InstalleRex.E evtl. unerwünschte Anwendung
D:\Downloads\Setup74_FreeFlvConverter.exe	Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung
D:\Downloads\setup_codec_3dx.exe	Variante von Win32/LoadTubes.A evtl. unerwünschte Anwendung
D:\Downloads\Sido-Beste-2CD-DE-2012-VOiCE_downloader_98839.exe	Variante von Win32/YourFileDownloader.B evtl. unerwünschte Anwendung
D:\Downloads\Snes9x - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
D:\Downloads\Sniper-GhostWarrior2+9TrainerByAfterMan.rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\SoftonicDownloader_fuer_asus-smart-doctor.exe	Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung
D:\Downloads\SoftonicDownloader_fuer_monopoly-3.exe	Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung
D:\Downloads\Star Wars The Force Unleashed v1.0 Trainer (1).rar	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
D:\Downloads\Star Wars The Force Unleashed v1.0 Trainer.rar	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
D:\Downloads\Star_Wars_-_The_Force_Unleashed_2_(1.0.0.0)_+_5_Trainer (1).rar	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
D:\Downloads\Star_Wars_-_The_Force_Unleashed_2_(1.0.0.0)_+_5_Trainer.rar	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
D:\Downloads\Star_Wars_The_Force_Unleashed_2_Trainer (1).rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\Star_Wars_The_Force_Unleashed_2_Trainer.rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\SumatraPDFSetup-3D2okuZ.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\SumatraPDFSetup-fVzmfcq.exe	Win32/Somoto.A evtl. unerwünschte Anwendung
D:\Downloads\SweetIMSetup (1).exe	Variante von Win32/SweetIM.I evtl. unerwünschte Anwendung
D:\Downloads\SweetIMSetup (2).exe	Variante von Win32/SweetIM.I evtl. unerwünschte Anwendung
D:\Downloads\SweetIMSetup.exe	Variante von Win32/SweetIM.I evtl. unerwünschte Anwendung
D:\Downloads\SWTFU2 trainer v1.0-1.1.rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\tb_PrizeRebelBar.exe	Win32/Toolbar.Conduit.M evtl. unerwünschte Anwendung
D:\Downloads\travelguide_1.0_de-DE (1).exe	Variante von MSIL/DownloadGuide.F evtl. unerwünschte Anwendung
D:\Downloads\travelguide_1.0_de-DE.exe	Variante von MSIL/DownloadGuide.F evtl. unerwünschte Anwendung
D:\Downloads\u1210.exe	Win32/UltraReach potenziell unsichere Anwendung
D:\Downloads\Utorrent.exe	MSIL/Solimba evtl. unerwünschte Anwendung
D:\Downloads\VirtualDub 32 Bit - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
D:\Downloads\VLC-Media-Player-fr-Android-Setup.exe	Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
D:\Downloads\vyz7ab.rar	Win32/HackTool.WinActivator.I potenziell unsichere Anwendung
D:\Downloads\Watch_Dogs v1.0 ~ Update 1 Plus 20 Trainer.rar	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Downloads\WhiteSmokeInstaller__1302_i1306197_il657.exe	Variante von Win32/Amonetize.B evtl. unerwünschte Anwendung
D:\Downloads\WhiteSmokeInstaller__714_il548.exe	Variante von Win32/Amonetize.B evtl. unerwünschte Anwendung
D:\Downloads\whitesmoke_2012u.exe	möglicherweise Variante von Win32/WhiteSmoke evtl. unerwünschte Anwendung
D:\Downloads\WhiteSmoke_Enrichment_Full.exe	möglicherweise Variante von Win32/WhiteSmoke evtl. unerwünschte Anwendung
D:\Downloads\Windows Virtual PC - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
D:\Downloads\xpadder_gamepad_profiler_Setup.exe	Win32/Toolbar.Babylon evtl. unerwünschte Anwendung
D:\Downloads\yosetup.exe	Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\YourFileDownloader.exe	Variante von Win32/YourFileDownloader evtl. unerwünschte Anwendung
D:\Downloads\YourFile_downloader.exe	möglicherweise Variante von Win32/YourFileDownloader.A evtl. unerwünschte Anwendung
D:\Downloads\youtube-dlm_1.0_de-DE.exe	Variante von MSIL/DownloadGuide.F evtl. unerwünschte Anwendung
D:\Downloads\Yu-Gi-Oh! Power of Chaos - Joey the Passion Trainer +5.rar	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
D:\Downloads\zaSetupWeb_110_000_018.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Games\Saints Row IV\steam_api.dll	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Games\Saints Row IV\uninstall.exe	Variante von Win32/Revenants.A potenziell unsichere Anwendung
D:\Program Files (x86)\Activision\Blur(TM)\Blur Trainer.exe	Variante von Win32/GameHack.F potenziell unsichere Anwendung
D:\Program Files (x86)\Assassins Creed III\ac3sptrainer.EXE	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Program Files (x86)\Batman Arkham Origins\SinglePlayer\Binaries\Win32\steam_api.dll	Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Program Files (x86)\Batman Arkham Origins\SinglePlayer\Binaries\Win32\Sk\steam_api.dll	Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Program Files (x86)\Bethesda Softworks\Dishonored\Binaries\Win32\steam_api.dll	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll	Variante von Win32/Packed.VMProtect.AAD Trojaner
D:\Program Files (x86)\ENSLAVED? Odyssey to the West? Premium Edition\NSLAVED V1.0 Trainer +3 MrAntiFun.exe	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Program Files (x86)\ENSLAVED? Odyssey to the West? Premium Edition\Binaries\Win32\NSLAVED V1.0 Trainer +3 MrAntiFun.exe	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Program Files (x86)\GRID 2\steam_api.dll	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Program Files (x86)\Hitman Absolution\HMAtrainer.EXE	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
D:\Program Files (x86)\Microsoft Games\Fable - The Lost Chapters\gghz-flctr.exe	Variante von Win32/GameHack.HH potenziell unsichere Anwendung
D:\Program Files (x86)\MotoGP2\trainer.exe	Variante von Win32/GameHack.G potenziell unsichere Anwendung
D:\Program Files (x86)\Namco Bandai Games\Ridge Racer Unbounded Bundle\steam_api.dll	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Program Files (x86)\Need For Speed Rivals\nfs14.3dm.dll	Variante von Win32/Packed.VMProtect.ABD Trojaner
D:\Program Files (x86)\Need For Speed Rivals\NFS14.exe	Variante von Win32/Packed.VMProtect.ABD Trojaner
D:\Program Files (x86)\Need For Speed Rivals\nfs14_x86.3dm.dll	Win32/HackTool.Crack.BV potenziell unsichere Anwendung
D:\Program Files (x86)\Need For Speed Rivals\NFS14_x86.exe	Variante von Win32/Packed.VMProtect.ABD Trojaner
D:\Program Files (x86)\Rayman Legends\steam_api.dll	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Program Files (x86)\Saints Row IV Commander In Chief Edition-FULL UNLOCKED\Saints Row IV\steam_api.dll	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
D:\Program Files (x86)\The Walking Dead\steam_api.dll	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
E:\Electronic Arts\Crytek\Crysis 2\bin32\Crysis 2 - 32 Bit - Trainer +5.exe	Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung
E:\Grand Theft Auto IV\LaunchGTAIV.exe	Win32/HackTool.Crack.BC potenziell unsichere Anwendung
E:\Prince of Persia The Forgotten Sands\Prince_Of_Persia_The_Forgotten_Sands_Trainer.EXE	Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\Batman_Arkham_Origins-GameWorks\NoDVD\steam_api.dll	Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\Bulletstorm\Bulletstorm-FLT\flt-bull.iso	Variante von Win32/Packed.VMProtect.AAD Trojaner
K:\Images\Games\Abgehackt\Call of Duty Ghosts\rld-caofdugh.iso	Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\Dishorned\ppt-diho.iso	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\Flatout 3\ppt-f3cd.iso	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\GRID.2_RELOADED\rld-grid2.iso	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\Metal Gear Rising\rld-megerire.iso	Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\Need For Speed Rivals[BlackBox]\BB-NFSR.iso	Variante von Win32/CoinMiner.HY Trojaner
K:\Images\Games\Abgehackt\NeedForSpeedCollectorsEdition\18) Need For Speed - Hot Pursuit\rld-nshp.iso	Variante von Win32/Packed.VMProtect.AAD Trojaner
K:\Images\Games\Abgehackt\Rayman Legends\rld-rlegends.iso	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\Ridge Racer\ppt-rrun.iso	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\Star Wars The Clone Wars Republic Heroes [MULTI5][PCDVD][WwW.GamesTorrents.CoM]\rzr-cwrh.iso	Win32/HackTool.Crack.BC potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\Star.Trek.GERMAN-0x0007\de-startrekvg.iso	Variante von Win32/HackTool.Crack.BQ potenziell unsichere Anwendung
K:\Images\Games\Abgehackt\X Rebirth\de-xrebirth.iso	Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung
K:\Images\Games\Noch offen\Castlevania\rld-cvanialos2.iso	Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung
K:\Images\Games\Noch offen\Dark Souls 2\rld-daso2.iso	Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung
K:\Images\Games\Noch offen\DevilMayCry\ppt-dmcc.iso	Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung
K:\Images\Games\Noch offen\SimCity\rzr-smci.iso	Variante von Win32/Packed.VMProtect.ABD Trojaner
K:\Images\Games\Noch offen\Thief\de-thief.iso	Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung
K:\Images\Software\Music.Maker.2014.v20.0.4.49.incl.Contentpacks-iND\Patch.7z	Win32/Ramnit.H Virus
K:\Images\Software\Music.Maker.2014.v20.0.4.49.incl.Contentpacks-iND\Setup\Music_Maker_2014_Premium_DLV_en-II_130802_19-26_20_0_2_35.exe	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
K:\Images\Software\Win7 64Bit\Windows_7_Ultimate_64bit_Deutsch.iso	Win32/HackTool.WinActivator.I potenziell unsichere Anwendung
K:\JLoads\FL Studio Producer Edition 11.0.1.rar	Variante von Win32/HackTool.Patcher.AD potenziell unsichere Anwendung
K:\JLoads\FL Studio Producer Edition 11.0.1\ILFLPE.11.0.1.SB\flstudio_11.exe	Win32/OpenCandy potenziell unsichere Anwendung
K:\JLoads\FL Studio Producer Edition 11.0.1\ILFLPE.11.0.1.SB\patch-MPT\FL.STUDIO.Producer.Edition.11.0.1.(Signature.Bundle).Patch-MPT.zip	Variante von Win32/HackTool.Patcher.AD potenziell unsichere Anwendung
K:\Laptop\Dateien\Eigene Dateien\Star Wars Jedi Knight Jedi Academy\patch.exe	Variante von Win32/HackTool.Patcher.C potenziell unsichere Anwendung
K:\Laptop\Dateien\Eigene Dateien\Star Wars Jedi Knight Jedi Academy\GameData\patch.exe	Variante von Win32/HackTool.Patcher.C potenziell unsichere Anwendung
K:\Laptop\Dateien\Eigene Dateien2\Cheats\HdR Die Rückkehr des Königs\Trainer.rar	Variante von Win32/GameHack.S potenziell unsichere Anwendung
K:\Laptop\Dateien\Eigene Dateien2\Cheats\Juiced Ulties\Juicedmoney.rar	Variante von Win32/GameHack.EW potenziell unsichere Anwendung
K:\Laptop\Dateien\Eigene Dateien2\Cheats\Prince of Persia Ulties\pzdpoptt.rar	Variante von Win32/GameHack.S potenziell unsichere Anwendung
K:\Laptop\Dateien\Eigene Dateien2\Diablo 2 ulties\D2_LoD_109d_Editor.rar	Variante von Win32/GameHack.EW potenziell unsichere Anwendung
K:\Laptop\Dateien\EigeneDateien\Downloads\avira_free_antivirus_de-13.0.0.3185.exe	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
K:\Laptop\Dateien\EigeneDateien\Downloads\ccsetup325.exe	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
K:\Laptop\Dateien\EigeneDateien\Downloads\DTLite4454-0314.exe	Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
K:\Laptop\Dateien\EigeneDateien\Downloads\FreeYouTubeDownload_3.1.37.918.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
K:\Laptop\Dateien\EigeneDateien\Downloads\SoftonicDownloader_fuer_monopolie.exe	Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung
K:\Laptop\Dateien\EigeneDateien\Downloads\SoftonicDownloader_fuer_monopoly-3.exe	Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung
K:\Program Files (x86)\MAGIX\Music Maker 2014 Premium\magixprodukte-.universalpatch-für die Start.exe .exe	Variante von Win32/HackTool.Patcher.AD potenziell unsichere Anwendung
         
Now I think I made a mistake at some point, and I would find it pretty bad if I had to repeat this scan. But if there is no other way, I will have to bite the bullet.

After that I ran the program "SecurityCheck" and got the following:

SecurityCheck:

Code:
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Setup - Call of Duty Ghosts (c) Activision ... 
 Java(TM) 6 Update 18  
 Java 7 Update 11  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 12.0.0.77 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
 Google Chrome Google Icon.ico..  
 Google Chrome Google Icon.ifx..  
 Google Chrome icon.png..  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
And finally I ran the program "Farbar's Recovery Scan Tool" again and got the following:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Devil (administrator) on NEO on 03-06-2014 16:47:47
Running from C:\Users\Devil\Desktop\Desktop\Trojaner-Board
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrDba.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrSaz.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
(Volkswagen AG) D:\ElsaWin\bin\LcSvrAuf.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Devil\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1033395003-4163772576-2144622384-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {A1DABF90-F83C-4a5a-8000-514E06654FA7} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKCU - {C3EA6126-6E4F-4d88-978E-291625E6B2A1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - D:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Devil\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Devil\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\Extensions\admin@proxy-listen.de.xpi [2013-02-12]
FF Extension: Adblock Plus - C:\Users\Devil\AppData\Roaming\Mozilla\Firefox\Profiles\c5mp85gy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-14]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: https://www.google.de/
CHR StartupUrls: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Devil\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (phonostar Detector) - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
CHR Plugin: (Google Update) - C:\Users\Devil\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (ProxFlow) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-28]
CHR Extension: (AdBlock) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-28]
CHR Extension: (Google Wallet) - C:\Users\Devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKCU\...\Chrome\Extension: [jopemfhojpebdeollanchfjhpbkcijoi] - C:\Users\Devil\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx [2013-12-10]
CHR HKLM-x32\...\Chrome\Extension: [jopemfhojpebdeollanchfjhpbkcijoi] - C:\Users\Devil\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx [2013-12-10]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-24]
CHR HKLM-x32\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files (x86)\SockshareDownloader\SockshareDownloader10.crx [2014-05-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 LcSvrAdm; D:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-12-06] (Volkswagen AG)
R3 LcSvrAuf; D:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG)
R2 LcSvrDba; D:\ElsaWin\bin\LcSvrDba.exe [392704 2011-12-06] (Volkswagen AG)
R2 LcSvrHis; D:\ElsaWin\bin\LcSvrHis.exe [335360 2011-12-06] (Volkswagen AG)
R2 LcSvrPAS; D:\ElsaWin\bin\LcSvrPas.exe [477696 2011-12-06] (Volkswagen AG)
R2 LcSvrSaz; D:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-12-06] (Volkswagen AG)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-10-29] ()
S4 S3DSvc32; C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [360960 2010-10-25] (iZ3D Inc.)
S4 S3DSvc64; C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [480768 2010-10-25] (iZ3D Inc.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [63872 2006-10-29] (Broadcom Corporation.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-05-29] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140530.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 iZ3DInjectionDriver; C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [43704 2010-10-06] ()
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140602.008\ENG64.SYS [126040 2014-04-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140602.008\EX64.SYS [2099288 2014-04-29] (Symantec Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-24] (Duplex Secure Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 usbaudio; C:\Windows\SysWOW64\drivers\usbaudio.sys [39840 1998-08-21] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [53960 2011-01-13] (usb camera)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 zonescreen; C:\Windows\System32\DRIVERS\zsport.sys [12024 2010-10-31] (ZoneOS)
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S3 btwhid; system32\DRIVERS\btwhid.sys [X]
S3 btwmodem; system32\DRIVERS\btwmodem.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 EIO64; system32\DRIVERS\EIO64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 21:56 - 2014-06-02 21:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-02 00:35 - 2014-06-02 00:35 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\mp3DirectCut
2014-06-01 23:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-01 22:51 - 2014-06-02 21:41 - 00000000 ____D () C:\AdwCleaner
2014-06-01 22:37 - 2014-06-01 22:37 - 00029503 _____ () C:\mbam.txt
2014-06-01 22:18 - 2014-06-02 21:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 22:18 - 2014-06-01 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-01 22:18 - 2014-06-01 22:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-01 22:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-01 22:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-01 22:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-31 23:05 - 2014-05-31 23:15 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\MAGIX
2014-05-31 22:59 - 2014-05-31 22:59 - 00000000 ____D () C:\Users\Devil\Documents\MAGIX_MusicEditor
2014-05-31 22:58 - 2014-05-31 23:06 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-31 22:58 - 2014-05-31 23:05 - 00000000 ___RD () C:\Users\Devil\Documents\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-31 21:13 - 2014-05-31 21:13 - 00025994 _____ () C:\ComboFix.txt
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\dub_cm_auto\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-05-31 21:00 - 2014-06-02 21:42 - 00032198 _____ () C:\Windows\PFRO.log
2014-05-31 20:46 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-31 20:46 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-31 20:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-31 20:46 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-31 20:41 - 2014-05-31 21:13 - 00000000 ____D () C:\Qoobox
2014-05-31 20:41 - 2014-05-31 21:11 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 20:26 - 2014-05-31 20:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-30 20:56 - 2014-05-30 20:58 - 00000000 ____D () C:\Users\Devil\kratzer
2014-05-29 23:26 - 2014-05-29 23:26 - 00018473 _____ () C:\Windows\DirectX.log
2014-05-29 16:46 - 2014-05-29 16:54 - 00000000 ____D () C:\Users\Devil\UNI
2014-05-29 15:27 - 2014-05-29 15:27 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-05-28 20:10 - 2014-06-03 16:47 - 00000000 ____D () C:\FRST
2014-05-28 19:59 - 2014-06-02 21:43 - 00011905 _____ () C:\Windows\setupact.log
2014-05-28 19:59 - 2014-05-28 19:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 19:58 - 2014-05-28 19:58 - 00000188 _____ () C:\Users\Devil\defogger_reenable
2014-05-27 23:20 - 2014-05-27 23:20 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 23:17 - 2014-05-27 23:17 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201405272317260220.log
2014-05-27 23:17 - 2014-05-27 23:17 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-27 23:14 - 2014-05-27 23:14 - 00000000 ____D () C:\Program Files\AMD
2014-05-27 23:13 - 2014-04-18 04:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-05-27 23:13 - 2014-04-18 04:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-05-27 23:13 - 2014-04-18 04:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-05-27 23:13 - 2014-04-18 04:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 08010968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 07520200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 06799688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 00117584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-05-27 23:13 - 2014-04-18 04:42 - 00099520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-05-27 23:13 - 2014-04-18 04:39 - 00274656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-05-27 23:13 - 2014-04-18 04:36 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-05-27 23:13 - 2014-04-18 04:23 - 00231424 _____ () C:\Windows\system32\clinfo.exe
2014-05-27 23:13 - 2014-04-18 04:22 - 28685824 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-05-27 23:13 - 2014-04-18 04:22 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-05-27 23:13 - 2014-04-18 04:17 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-27 23:13 - 2014-04-18 04:13 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-05-27 23:13 - 2014-04-18 04:13 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-05-27 23:13 - 2014-04-18 04:12 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-05-27 23:13 - 2014-04-18 04:12 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-05-27 23:13 - 2014-04-18 03:58 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-05-27 23:13 - 2014-04-18 03:51 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00580816 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-05-27 23:13 - 2014-04-18 03:46 - 00580816 _____ () C:\Windows\system32\atiapfxx.blb
2014-05-27 23:13 - 2014-04-18 03:46 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-05-27 23:13 - 2014-04-18 03:46 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-05-27 23:13 - 2014-04-18 03:46 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-05-27 23:13 - 2014-04-18 03:45 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-05-27 23:13 - 2014-04-18 03:45 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-05-27 23:13 - 2014-04-18 03:42 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-05-27 23:13 - 2014-04-18 03:33 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-05-27 23:13 - 2014-04-18 03:33 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-05-27 23:13 - 2014-04-18 03:30 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-05-27 23:13 - 2014-04-18 03:30 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-05-27 23:13 - 2014-04-18 03:29 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-05-27 23:13 - 2014-04-18 03:29 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-05-27 23:13 - 2014-04-18 03:28 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-05-27 23:13 - 2014-04-18 03:28 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-05-27 23:13 - 2014-04-18 03:21 - 00806912 _____ (AMD) C:\Windows\system32\coinst_14.100.dll
2014-05-27 23:13 - 2014-04-18 03:17 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-05-27 23:13 - 2014-04-18 03:09 - 01177600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-05-27 23:13 - 2014-04-18 03:07 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-05-27 23:13 - 2014-04-18 03:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-05-27 23:13 - 2014-04-18 03:04 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-05-27 23:13 - 2014-04-10 19:58 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-05-27 23:13 - 2014-04-01 00:06 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-05-27 23:13 - 2014-04-01 00:04 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-05-27 23:13 - 2014-02-06 17:45 - 00134192 _____ () C:\Windows\system32\ativce03.dat
2014-05-27 23:13 - 2014-01-16 19:00 - 00273712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-05-27 23:13 - 2014-01-16 18:59 - 00275124 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-05-27 23:13 - 2014-01-16 10:34 - 00723841 _____ () C:\Windows\system32\atiicdxx.dat
2014-05-27 23:13 - 2013-12-19 18:45 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-05-27 23:13 - 2013-12-19 18:44 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Sapphire TRIXX
2014-05-27 22:45 - 2014-05-27 22:46 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-27 22:45 - 2014-05-27 22:45 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-05-27 21:20 - 2014-05-27 21:20 - 00000007 _____ () C:\Users\Devil\SeatPW.txt
2014-05-25 11:09 - 2014-05-25 11:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL8FB2.tmp
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL7FE8.tmp
2014-05-16 23:35 - 2014-05-16 23:35 - 00000130 _____ () C:\Users\Devil\Documents\Jochen TT.txt
2014-05-12 21:43 - 2014-05-12 21:43 - 00030208 _____ () C:\devdll.dll
2014-05-10 11:13 - 2014-05-10 11:13 - 00007595 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.cl
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.log
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75AC.tmp
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL756D.tmp
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-05-05 22:25 - 2014-05-06 18:41 - 00000000 ____D () C:\Users\Devil\AppData\Local\Akamai
2014-05-05 22:25 - 2014-05-05 22:25 - 00000000 ____D () C:\AeriaGames
2014-05-04 00:21 - 2014-05-16 19:57 - 00000603 _____ () C:\Users\Devil\Documents\SeatTeile.txt

==================== One Month Modified Files and Folders =======

2056-04-24 22:17 - 2014-03-25 23:02 - 00004096 _____ () C:\Users\Public\Documents\0000319C.LCS
2056-04-24 22:17 - 2014-03-25 23:00 - 00000000 ____D () C:\WDIGIPET
2015-08-01 19:43 - 2014-03-26 00:14 - 00000368 _____ () C:\Users\Devil\Documents\ax_files.xml
2015-08-01 19:43 - 2013-10-27 20:58 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{72B68498-F2A6-46D9-BBFA-FB3ABA89363F}
2014-06-03 16:47 - 2014-05-28 20:10 - 00000000 ____D () C:\FRST
2014-06-03 16:47 - 2013-04-20 18:20 - 00000000 ____D () C:\Users\Devil\AppData\Local\Temp
2014-06-03 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-06-03 16:41 - 2012-09-27 15:39 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000UA.job
2014-06-03 16:37 - 2012-10-20 13:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 16:36 - 2014-04-25 22:24 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 23:34 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 23:34 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 21:56 - 2014-06-02 21:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-02 21:47 - 2012-08-26 16:38 - 01833231 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 21:45 - 2014-06-01 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 21:43 - 2014-05-28 19:59 - 00011905 _____ () C:\Windows\setupact.log
2014-06-02 21:43 - 2014-04-25 22:24 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 21:42 - 2014-05-31 21:00 - 00032198 _____ () C:\Windows\PFRO.log
2014-06-02 21:42 - 2014-02-20 23:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-02 21:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 21:41 - 2014-06-01 22:51 - 00000000 ____D () C:\AdwCleaner
2014-06-02 21:38 - 2012-08-26 19:37 - 00000000 ____D () C:\Users\Devil\AppData\Local\CrashDumps
2014-06-02 21:13 - 2012-08-30 23:10 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\vlc
2014-06-02 20:33 - 2009-08-25 20:32 - 00666448 _____ () C:\Windows\system32\perfh01D.dat
2014-06-02 20:33 - 2009-08-25 20:32 - 00147772 _____ () C:\Windows\system32\perfc01D.dat
2014-06-02 20:33 - 2009-08-25 19:41 - 00728092 _____ () C:\Windows\system32\perfh019.dat
2014-06-02 20:33 - 2009-08-25 19:41 - 00156268 _____ () C:\Windows\system32\perfc019.dat
2014-06-02 20:33 - 2009-08-25 19:33 - 00747838 _____ () C:\Windows\system32\perfh013.dat
2014-06-02 20:33 - 2009-08-25 19:33 - 00158702 _____ () C:\Windows\system32\perfc013.dat
2014-06-02 20:33 - 2009-08-25 19:25 - 00497186 _____ () C:\Windows\system32\perfh014.dat
2014-06-02 20:33 - 2009-08-25 19:25 - 00100410 _____ () C:\Windows\system32\perfc014.dat
2014-06-02 20:33 - 2009-08-25 19:18 - 00744652 _____ () C:\Windows\system32\perfh010.dat
2014-06-02 20:33 - 2009-08-25 19:18 - 00152658 _____ () C:\Windows\system32\perfc010.dat
2014-06-02 20:33 - 2009-08-25 19:09 - 00749858 _____ () C:\Windows\system32\perfh00C.dat
2014-06-02 20:33 - 2009-08-25 19:09 - 00155216 _____ () C:\Windows\system32\perfc00C.dat
2014-06-02 20:33 - 2009-08-25 19:01 - 00484696 _____ () C:\Windows\system32\perfh00B.dat
2014-06-02 20:33 - 2009-08-25 19:01 - 00107284 _____ () C:\Windows\system32\perfc00B.dat
2014-06-02 20:33 - 2009-08-25 18:54 - 00749602 _____ () C:\Windows\system32\perfh00A.dat
2014-06-02 20:33 - 2009-08-25 18:54 - 00164930 _____ () C:\Windows\system32\perfc00A.dat
2014-06-02 20:33 - 2009-08-25 18:46 - 00712886 _____ () C:\Windows\system32\perfh007.dat
2014-06-02 20:33 - 2009-08-25 18:46 - 00155216 _____ () C:\Windows\system32\perfc007.dat
2014-06-02 20:33 - 2009-08-25 18:38 - 00512432 _____ () C:\Windows\system32\perfh006.dat
2014-06-02 20:33 - 2009-08-25 18:38 - 00104394 _____ () C:\Windows\system32\perfc006.dat
2014-06-02 20:33 - 2009-07-14 07:13 - 08781340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 00:42 - 2012-11-07 20:16 - 05603328 ___SH () C:\Users\Devil\Desktop\Thumbs.db
2014-06-02 00:35 - 2014-06-02 00:35 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\mp3DirectCut
2014-06-01 23:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-06-01 22:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-06-01 22:37 - 2014-06-01 22:37 - 00029503 _____ () C:\mbam.txt
2014-06-01 22:25 - 2012-08-26 20:07 - 00000000 ___RD () C:\Users\Devil\Desktop\Programme
2014-06-01 22:18 - 2014-06-01 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-01 22:18 - 2014-06-01 22:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-01 22:18 - 2013-12-12 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 21:33 - 2009-07-14 06:45 - 03142656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-31 23:24 - 2012-08-26 17:15 - 00158720 _____ () C:\Users\Devil\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-31 23:15 - 2014-05-31 23:05 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\MAGIX
2014-05-31 23:06 - 2014-05-31 22:58 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-31 23:05 - 2014-05-31 22:58 - 00000000 ___RD () C:\Users\Devil\Documents\MAGIX
2014-05-31 22:59 - 2014-05-31 22:59 - 00000000 ____D () C:\Users\Devil\Documents\MAGIX_MusicEditor
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-31 22:58 - 2014-05-31 22:58 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-31 22:58 - 2014-04-26 17:53 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-31 22:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-05-31 22:13 - 2013-02-11 00:36 - 00000000 ____D () C:\Users\Devil\Hitfaker
2014-05-31 22:13 - 2012-12-03 19:07 - 00000000 ____D () C:\Users\Devil\Schule
2014-05-31 22:13 - 2012-08-26 16:47 - 00000000 ____D () C:\Users\Devil
2014-05-31 21:13 - 2014-05-31 21:13 - 00025994 _____ () C:\ComboFix.txt
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\dub_cm_auto\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 21:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-05-31 21:13 - 2014-05-31 20:41 - 00000000 ____D () C:\Qoobox
2014-05-31 21:13 - 2014-04-22 21:07 - 00000000 ____D () C:\Users\dub_cm_auto
2014-05-31 21:11 - 2014-05-31 20:41 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 21:01 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-31 20:59 - 2009-07-14 04:34 - 97517568 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-31 20:59 - 2009-07-14 04:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-31 20:59 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-31 20:59 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-31 20:59 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-31 20:26 - 2014-05-31 20:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-30 23:26 - 2012-08-26 20:07 - 00000000 ___RD () C:\Users\Devil\Desktop\Games
2014-05-30 20:58 - 2014-05-30 20:56 - 00000000 ____D () C:\Users\Devil\kratzer
2014-05-30 17:22 - 2013-12-31 18:49 - 00000000 ____D () C:\Windows\system32\Drivers\etc\SK
2014-05-29 23:42 - 2012-12-10 17:26 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-29 23:42 - 2012-08-28 19:04 - 00000000 ____D () C:\Users\Devil\Documents\My Games
2014-05-29 23:27 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-29 23:26 - 2014-05-29 23:26 - 00018473 _____ () C:\Windows\DirectX.log
2014-05-29 19:41 - 2012-09-27 15:39 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000Core.job
2014-05-29 16:54 - 2014-05-29 16:46 - 00000000 ____D () C:\Users\Devil\UNI
2014-05-29 16:39 - 2012-12-18 20:56 - 00000000 ____D () C:\Users\Devil\.gimp-2.8
2014-05-29 16:27 - 2013-04-25 15:17 - 00000056 _____ () C:\Windows\Acroread.ini
2014-05-29 16:25 - 2013-04-24 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsaWin
2014-05-29 16:25 - 2013-04-24 21:56 - 00000344 _____ () C:\Windows\ODBC.INI
2014-05-29 15:27 - 2014-05-29 15:27 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-05-29 15:27 - 2012-11-15 20:52 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-29 15:27 - 2012-08-26 20:24 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\DAEMON Tools Lite
2014-05-28 20:19 - 2012-09-07 18:37 - 00000000 ____D () C:\Windows\pss
2014-05-28 19:59 - 2014-05-28 19:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 19:58 - 2014-05-28 19:58 - 00000188 _____ () C:\Users\Devil\defogger_reenable
2014-05-27 23:38 - 2012-09-12 20:18 - 00524288 ___SH () C:\Users\Devil\Thumbs.db
2014-05-27 23:20 - 2014-05-27 23:20 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 23:20 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 23:17 - 2014-05-27 23:17 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201405272317260220.log
2014-05-27 23:17 - 2014-05-27 23:17 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-27 23:17 - 2012-08-26 17:19 - 00000000 ____D () C:\ProgramData\AMD
2014-05-27 23:16 - 2012-08-26 17:17 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-27 23:14 - 2014-05-27 23:14 - 00000000 ____D () C:\Program Files\AMD
2014-05-27 23:08 - 2014-04-29 20:00 - 00000000 ____D () C:\Users\Devil\GLUCOFACTS Deluxe
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
2014-05-27 23:01 - 2014-05-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Sapphire TRIXX
2014-05-27 22:48 - 2012-09-07 18:45 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-27 22:46 - 2014-05-27 22:45 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-27 22:45 - 2014-05-27 22:45 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-05-27 21:20 - 2014-05-27 21:20 - 00000007 _____ () C:\Users\Devil\SeatPW.txt
2014-05-27 17:52 - 2012-08-26 22:39 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-05-27 13:31 - 2013-07-31 19:06 - 00000000 ___RD () C:\Users\Devil\Desktop\Software
2014-05-27 01:29 - 2014-02-15 21:37 - 00000000 ____D () C:\Program Files (x86)\Bridge Building Game
2014-05-25 11:09 - 2014-05-25 11:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL8FB2.tmp
2014-05-24 23:25 - 2014-05-24 23:25 - 00000000 _____ () C:\Windows\SysWOW64\OCL7FE8.tmp
2014-05-24 23:24 - 2014-03-29 19:59 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-24 23:24 - 2013-11-14 20:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-24 23:24 - 2013-04-23 18:54 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-23 17:13 - 2013-07-15 19:39 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-23 17:13 - 2012-08-30 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-23 17:12 - 2012-08-30 22:06 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\DVDVideoSoft
2014-05-16 23:35 - 2014-05-16 23:35 - 00000130 _____ () C:\Users\Devil\Documents\Jochen TT.txt
2014-05-16 19:57 - 2014-05-04 00:21 - 00000603 _____ () C:\Users\Devil\Documents\SeatTeile.txt
2014-05-12 21:43 - 2014-05-12 21:43 - 00030208 _____ () C:\devdll.dll
2014-05-12 07:26 - 2014-06-01 22:18 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-01 22:18 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-01 22:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 11:13 - 2014-05-10 11:13 - 00007595 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.cl
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75BD.tmp.log
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL75AC.tmp
2014-05-10 11:13 - 2014-05-10 11:13 - 00000000 _____ () C:\Windows\SysWOW64\OCL756D.tmp
2014-05-08 19:36 - 2012-09-27 15:39 - 00004094 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000UA
2014-05-08 19:36 - 2012-09-27 15:39 - 00003698 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1033395003-4163772576-2144622384-1000Core
2014-05-06 18:41 - 2014-05-05 22:25 - 00000000 ____D () C:\Users\Devil\AppData\Local\Akamai
2014-05-06 18:34 - 2014-04-28 22:16 - 00000000 ____D () C:\Keule306
2014-05-06 17:31 - 2014-04-25 22:24 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 17:31 - 2014-04-25 22:24 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 22:46 - 2013-01-21 18:32 - 00000000 ____D () C:\Users\Devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-05-05 22:43 - 2014-05-05 22:43 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-05-05 22:25 - 2014-05-05 22:25 - 00000000 ____D () C:\AeriaGames

Files to move or delete:
====================
C:\Users\Devil\AppData\Roaming\CamLayout.ini
C:\Users\Devil\AppData\Roaming\CamShapes.ini
C:\Users\Devil\scroll_app_smart_4.00.33.exe
C:\Users\Devil\setpoint6.61.15_64.exe
C:\Users\Devil\WhiteCap_505_Platinum.exe
C:\Users\Devil\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\Devil\AppData\Local\Temp\tmpFA19.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-03 10:15

==================== End Of Log ============================
         
--- --- ---
Thumbnails of attached images
-eset-ordner.jpg  

04.06.2014, 12:11   #12
schrauber
/// the machine
/// TB instructor
 




Update Java, Flash and Firefox. Best to delete the entire D:\Downloads folder, above all the crack crap.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\Users\Devil\AppData\Local\CRE
C:\Users\Devil\AppData\Local\Temp\tmpFA19.exe
C:\Users\Devil\AppData\Roaming\Origin\update.vbe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

04.06.2014, 20:41   #13
SilentDeath
 



Hello,

I have now, as recommended, deleted the entire download folder and all the "crack crap" along with it.
I will also take all of your advice to heart and stick to it in future.

I do have one short question, though:
I did run a complete system scan with ESET and received a text file with all the paths of "dangerous files". I have now found that some of them are still present.
Am I right in assuming that I can simply delete all of these files manually and then be rid of them?


I used FRST once more and created the Fixlog.

Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Devil at 2014-06-04 21:04:10 Run:2
Running from C:\Users\Devil\Desktop\Desktop\Trojaner-Board
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Devil\AppData\Local\CRE
C:\Users\Devil\AppData\Local\Temp\tmpFA19.exe
C:\Users\Devil\AppData\Roaming\Origin\update.vbe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
         
*****************

"C:\Users\Devil\AppData\Local\CRE" => File/Directory not found.
"C:\Users\Devil\AppData\Local\Temp\tmpFA19.exe" => File/Directory not found.
"C:\Users\Devil\AppData\Roaming\Origin\update.vbe" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.

==== End of Fixlog ====
         
After that I used DelFix and removed all the scan programs.

At this point I would definitely like to say many, many thanks already, and I would also like to express my admiration that you devote so much time and effort to all the "PC laymen" and help them out.
If you ever have problems with a car and happen to be near Erfurt, please don't hesitate to let me know. I would be glad to be able to return the favour for once.
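
The fixlist and Fixlog round trip from posts #12 and #13, as an added example that is not part of the original thread and not FRST's own code: a Python sketch that pairs every fixlist entry with its result line in the posted Fixlog. The function names and the status labels (absent, other, unprocessed) are assumptions of this example, and only the two outcome strings visible in this log are interpreted; any other outcome is reported verbatim.

```python
import re

# Fixlog text copied from post #13 above (forum code-box residue dropped).
FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Devil at 2014-06-04 21:04:10 Run:2
Running from C:\Users\Devil\Desktop\Desktop\Trojaner-Board
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Devil\AppData\Local\CRE
C:\Users\Devil\AppData\Local\Temp\tmpFA19.exe
C:\Users\Devil\AppData\Roaming\Origin\update.vbe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

*****************

"C:\Users\Devil\AppData\Local\CRE" => File/Directory not found.
"C:\Users\Devil\AppData\Local\Temp\tmpFA19.exe" => File/Directory not found.
"C:\Users\Devil\AppData\Roaming\Origin\update.vbe" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.

==== End of Fixlog ====
'''

STAR_LINE = re.compile(r"^\*{5,}$")
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')


def parse_fixlog(text):
    """Return (fixlist_entries, results); results is a list of (target, outcome)."""
    entries, results = [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==== End of Fixlog"):
            break
        if STAR_LINE.match(line):
            # The first row of asterisks opens the echoed fixlist, the second closes it.
            section = "fixlist" if section == "header" else "results"
            continue
        if not line:
            continue
        if section == "fixlist":
            entries.append(line)
        elif section == "results":
            match = RESULT_LINE.match(line)
            if match:
                results.append((match.group("target"), match.group("outcome")))
    return entries, results


def reconcile(entries, results):
    """Pair each fixlist entry with one result line; return (report, unmatched_results)."""
    report, unused = {}, list(results)
    for entry in entries:
        low = entry.lower()
        # Exact path match first; otherwise the longest target contained in the
        # entry (registry lines carry a prefix and a trailing remark).
        exact = [r for r in unused if r[0].lower() == low]
        partial = sorted((r for r in unused if r[0].lower() in low),
                         key=lambda r: len(r[0]), reverse=True)
        hits = exact or partial
        if not hits:
            report[entry] = ("unprocessed", None)  # no result line for this entry
            continue
        unused.remove(hits[0])
        outcome = hits[0][1]
        # "not found" means the object was already gone, not that this run removed it.
        status = "absent" if "not found" in outcome.lower() else "other"
        report[entry] = (status, outcome)
    return report, unused


def summarize(text):
    """Return (report, counts per status, result lines that match no entry)."""
    entries, results = parse_fixlog(text)
    report, orphans = reconcile(entries, results)
    counts = {"absent": 0, "other": 0, "unprocessed": 0}
    for status, _ in report.values():
        counts[status] += 1
    return report, counts, orphans


if __name__ == "__main__":
    report, counts, orphans = summarize(FIXLOG)
    for entry, (status, outcome) in report.items():
        print(f"{status:12} {entry} -> {outcome}")
    print(counts, "unmatched result lines:", orphans)
```

On this log all four entries come back as absent, so this FRST run removed nothing: the objects were already gone from those paths when it ran.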

05.06.2014, 19:19   #14
schrauber
/// the machine
/// TB instructor
 




If there are still ESET detections left after removing the scan programs and cleaning with TFC, you can delete them manually.


You're welcome
__________________
Regards,
schrauber
