
Log analysis and evaluation: unknown trojan/backdoor

Windows 7

24.08.2014, 18:58   #1
IGL

unknown trojan/backdoor

Hello!

I recently noticed the following file in Task Manager that constantly eats up CPU time:
C:\ProgramData\RazorU0\ntibcpsaq.exe
It is hidden and read-only.

VirusTotal confirms my suspicion and gives the junk various names. Maybe one of you recognizes it:
https://www.virustotal.com/de/file/2b00cee9c18e357150765aff9bcf40316073b7d6ce812232b03776fc2a82e5e0/analysis/1408902313/

FRST logs are attached.

So, do you need any more info?
How do I get rid of it?

Thanks in advance for your valuable time!

24.08.2014, 19:55   #2
schrauber
/// the machine
/// TB trainer

unknown trojan/backdoor

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is fine ... click Reply.

24.08.2014, 20:04   #3
IGL

unknown trojan/backdoor

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by EagleEye (administrator) on I7-SB on 24-08-2014 19:22:05
Running from F:\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Beepa P/L) C:\Fraps\fraps.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\ProgramData\RazorU0\ntibcpsaq.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [229480 2008-07-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-4021553938-1782729957-2344703573-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-4021553938-1782729957-2344703573-1001\...\Run: [RazorU] => C:\ProgramData\RazorU0\ntibcpsaq.ex
HKU\S-1-5-21-4021553938-1782729957-2344703573-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-4021553938-1782729957-2344703573-1001\...\MountPoints2: {393bd700-3da1-11df-a24c-00040efbe0e3} - K:\USBAutoRun.exe
HKU\S-1-5-21-4021553938-1782729957-2344703573-1001\...\MountPoints2: {a8066420-d451-11de-8692-00241d77a1fd} - I:\LaunchU3.exe -a
HKU\S-1-5-21-4021553938-1782729957-2344703573-1001\...\MountPoints2: {bf2e3e0f-f0bf-11de-a556-00241d77a1fd} - K:\pushinst.exe
HKU\S-1-5-21-4021553938-1782729957-2344703573-1001\...\MountPoints2: {bf2e3e11-f0bf-11de-a556-00241d77a1fd} - I:\pushinst.exe
IFEO\Werfault.exe: [Debugger] NUL

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 95.154.227.215:40440
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFD50D4BF934ECA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/f11f2fc2002082998879437ebfb396ac/proxy.pac"
FF NetworkProxy: "backup.ftp", "proxy.helinet.de"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.gopher", "195.58.168.27"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "proxy.helinet.de"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "proxy.helinet.de"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "proxy.helinet.de"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "195.58.168.27"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "proxy.helinet.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "127.0.0.1,192.168.1.1,localhost,127.0.0.1,fritz.box,rapidshare.com"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.helinet.de"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxy.helinet.de"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\EagleEye\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll (InfiniAd GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\amazon-couk-search.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\billigerde.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\geizhalsat.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-blogs.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-books.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-directory.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-finance.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-groups.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-news.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-products.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-scholar.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-trends.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\google-video.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\longman-english-dictionary.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\myvideo-suche-.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\sport1de.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\thesauruscom.xml
FF SearchPlugin: C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Go to Selection - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\gts@ff.tillwiebke.de [2011-01-02]
FF Extension: ColorfulTabs - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-08-20]
FF Extension: iMacros for Firefox - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-05-24]
FF Extension: Premiumize.me - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-07-27]
FF Extension: JSONView - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\jsonview@brh.numbera.com.xpi [2013-08-21]
FF Extension: Advertising Cookie Opt-out - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\optout@google.com.xpi [2014-01-29]
FF Extension: VTzilla - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\vtzilla@virustotal.com.xpi [2011-07-13]
FF Extension: Flagfox - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2013-09-16]
FF Extension: NoScript - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-30]
FF Extension: BugMeNot Plugin - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2013-08-30]
FF Extension: Greasemonkey - C:\Users\EagleEye\AppData\Roaming\Mozilla\Firefox\Profiles\f7hf4tgc.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-08-02]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\EagleEye\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-06]
CHR Extension: (Google Drive) - C:\Users\EagleEye\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-06]
CHR Extension: (YouTube) - C:\Users\EagleEye\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-06]
CHR Extension: (Adblock Plus) - C:\Users\EagleEye\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01]
CHR Extension: (Google-Suche) - C:\Users\EagleEye\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-06]
CHR Extension: (Premiumize.me) - C:\Users\EagleEye\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2014-05-13]
CHR Extension: (Google Wallet) - C:\Users\EagleEye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR Extension: (Google Mail) - C:\Users\EagleEye\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-09-03] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2009-12-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-29] (Futuremark)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-05] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-16] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2010-04-06] (Turtle Entertainment GmbH)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH) [File not signed]
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-07-05] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-16] ()
S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [62088 2009-10-03] ()
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1362576 2012-09-14] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-24] (Duplex Secure Ltd.)
S3 StarOpen; No ImagePath
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R2 WinRing0_1_2_0; C:\Users\EagleEye\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries21.gadget\WinRing0x64.sys [14544 2009-12-20] (OpenLibSys.org)
U3 a6128hrk; C:\Windows\System32\Drivers\a6128hrk.sys [0 ] (Advanced Micro Devices)
S3 cpuz130; \??\C:\Users\EagleEye\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition x64\SysInfoX64.sys [X]
S3 e1qexpress; system32\DRIVERS\e1q62x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 PAC7302; system32\DRIVERS\PAC7302.SYS [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 19:21 - 2014-08-24 19:22 - 00000000 ____D () C:\FRST
2014-08-23 16:51 - 2014-08-23 16:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-18 02:35 - 2014-08-18 02:39 - 143614383 _____ () C:\Users\EagleEye\Downloads\Guesswhosbacktest_Windows Media Video V11_HD-1080-30p-Video mit 8 Mbit-s.wmv
2014-08-14 16:31 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 16:31 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 16:31 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 16:31 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 16:31 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 16:31 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 16:31 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 16:31 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 16:28 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 16:28 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 16:28 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 16:28 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 16:28 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 16:28 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 16:28 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 16:28 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 16:28 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 16:28 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 16:28 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 16:28 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 16:28 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 16:28 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 16:28 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 16:28 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 16:28 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 16:28 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 16:28 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 16:28 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 16:28 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 16:28 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 16:28 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 16:28 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 16:28 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 16:28 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 16:28 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 16:28 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-14 16:28 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 16:28 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 16:28 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 16:28 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 16:28 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 16:28 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 16:28 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 16:28 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 16:28 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 16:28 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 16:28 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-14 16:28 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-14 16:28 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-14 16:28 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 16:13 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 16:13 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 16:12 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 16:12 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 16:12 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 16:12 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 16:12 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 16:12 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 16:12 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 16:12 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 16:12 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 16:12 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 16:12 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 16:12 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 16:01 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 16:01 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 16:01 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 16:01 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 16:01 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 16:01 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 16:01 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 16:01 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 16:01 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 16:01 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 16:01 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 16:01 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 16:01 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 16:00 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 16:00 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 17:53 - 2014-08-13 17:53 - 00000016 _____ () C:\Users\EagleEye\Desktop\new  0.txt
2014-08-12 20:22 - 2014-08-12 20:22 - 00000346 _____ () C:\Users\EagleEye\Desktop\Zattoo Live TV.appref-ms
2014-08-12 20:22 - 2014-08-12 20:22 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\Zattoo
2014-08-12 20:22 - 2014-08-12 20:22 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-08-11 23:00 - 2014-08-11 23:01 - 10913324 _____ () C:\Users\EagleEye\Desktop\29. Mr Trololo - Trololo Song.wav
2014-08-07 15:13 - 2014-08-07 15:17 - 00000000 ____D () C:\Users\EagleEye\Desktop\cd4
2014-08-07 03:32 - 2014-08-07 03:32 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-07 03:32 - 2014-08-07 03:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-07 03:32 - 2014-08-07 03:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-07 03:32 - 2014-08-07 03:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-07 03:32 - 2014-08-07 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-07 03:32 - 2014-08-07 03:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-06 17:24 - 2014-08-06 17:38 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\AccurateRip
2014-08-06 17:24 - 2014-08-06 17:24 - 00001042 _____ () C:\Users\Public\Desktop\Exact Audio Copy.lnk
2014-08-06 17:24 - 2014-08-06 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2014-08-06 17:24 - 2014-08-06 17:24 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-08-03 17:03 - 2014-08-03 17:03 - 00001296 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-08-01 12:33 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 12:33 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 12:33 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 12:33 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 12:33 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 12:33 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 12:33 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 12:33 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 12:33 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 12:33 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 12:33 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 12:33 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 12:33 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 12:33 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-29 23:28 - 2014-07-29 23:28 - 00000000 ____D () C:\Users\EagleEye\Documents\Bauer Sebastian
2014-07-29 17:40 - 2014-07-29 17:40 - 00000000 ____D () C:\Users\EagleEye\.weasis
2014-07-25 23:33 - 2014-07-25 23:33 - 06588275 _____ ( ) C:\Users\EagleEye\Downloads\WGStream_WoWP_0.5.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 19:22 - 2014-08-24 19:21 - 00000000 ____D () C:\FRST
2014-08-24 19:18 - 2014-01-07 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 18:57 - 2009-10-16 20:50 - 02094104 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 18:27 - 2010-02-17 18:29 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 17:52 - 2014-03-28 18:37 - 00000000 ____D () C:\Users\EagleEye\AppData\Local\CrashDumps
2014-08-24 16:57 - 2014-04-20 22:02 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\Audacity
2014-08-24 16:37 - 2012-02-21 20:47 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\vlc
2014-08-24 16:33 - 2012-08-25 14:15 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\HandBrake
2014-08-24 16:27 - 2010-02-17 18:29 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 14:36 - 2009-07-14 06:45 - 00015696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 14:36 - 2009-07-14 06:45 - 00015696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 14:34 - 2009-07-14 19:58 - 00668792 _____ () C:\Windows\system32\perfh007.dat
2014-08-24 14:34 - 2009-07-14 19:58 - 00137876 _____ () C:\Windows\system32\perfc007.dat
2014-08-24 14:34 - 2009-07-14 07:13 - 01536534 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-24 14:30 - 2010-04-11 21:37 - 00003138 _____ () C:\Windows\System32\Tasks\FRAPS
2014-08-24 14:30 - 2010-01-30 17:51 - 00000000 ____D () C:\Fraps
2014-08-24 14:29 - 2014-06-30 04:47 - 00016663 _____ () C:\Windows\setupact.log
2014-08-24 14:29 - 2012-05-02 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-24 14:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 03:51 - 2013-09-10 17:35 - 00000000 ___RD () C:\Users\EagleEye\Dropbox
2014-08-24 02:58 - 2009-12-26 23:19 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\TS3Client
2014-08-24 00:00 - 2013-10-13 13:55 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\ActiveDossierUploader
2014-08-23 22:21 - 2009-10-16 21:49 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5870DF57-EE9C-4380-8BDE-62B4A953A1F5}
2014-08-23 21:12 - 2011-06-25 21:14 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\TV-Browser
2014-08-23 18:02 - 2013-09-10 17:34 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\Dropbox
2014-08-23 18:01 - 2013-09-10 17:35 - 00001031 _____ () C:\Users\EagleEye\Desktop\Dropbox.lnk
2014-08-23 18:01 - 2013-09-10 17:34 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-23 16:51 - 2014-08-23 16:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-21 15:31 - 2009-10-17 20:29 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\Notepad++
2014-08-21 14:14 - 2014-06-30 04:47 - 00007218 _____ () C:\Windows\PFRO.log
2014-08-20 23:50 - 2013-01-04 19:14 - 00000000 ____D () C:\Users\EagleEye\AppData\Local\JDownloader 2.0
2014-08-19 20:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-18 02:39 - 2014-08-18 02:35 - 143614383 _____ () C:\Users\EagleEye\Downloads\Guesswhosbacktest_Windows Media Video V11_HD-1080-30p-Video mit 8 Mbit-s.wmv
2014-08-17 14:35 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-14 17:35 - 2014-01-07 19:40 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 17:35 - 2014-01-07 19:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 17:35 - 2014-01-07 19:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-14 17:32 - 2009-10-22 21:21 - 00000000 ___RD () C:\Users\EagleEye\Virtual Machines
2014-08-14 17:32 - 2009-07-14 06:45 - 00320800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 16:34 - 2013-08-15 05:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 16:32 - 2009-10-16 21:14 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 13:44 - 2014-04-05 00:54 - 00000023 _____ () C:\Users\EagleEye\Desktop\bonuscodes.txt
2014-08-13 17:53 - 2014-08-13 17:53 - 00000016 _____ () C:\Users\EagleEye\Desktop\new  0.txt
2014-08-12 20:24 - 2013-02-19 20:50 - 00000000 ____D () C:\Program Files (x86)\Zattoo4
2014-08-12 20:22 - 2014-08-12 20:22 - 00000346 _____ () C:\Users\EagleEye\Desktop\Zattoo Live TV.appref-ms
2014-08-12 20:22 - 2014-08-12 20:22 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\Zattoo
2014-08-12 20:22 - 2014-08-12 20:22 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-08-12 20:22 - 2009-10-17 17:46 - 00000000 ____D () C:\Users\EagleEye\AppData\Local\Deployment
2014-08-12 20:21 - 2013-10-10 18:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-12 20:19 - 2013-02-19 20:50 - 00017408 _____ () C:\Users\EagleEye\AppData\Local\WebpageIcons.db
2014-08-11 23:01 - 2014-08-11 23:00 - 10913324 _____ () C:\Users\EagleEye\Desktop\29. Mr Trololo - Trololo Song.wav
2014-08-07 15:17 - 2014-08-07 15:13 - 00000000 ____D () C:\Users\EagleEye\Desktop\cd4
2014-08-07 03:32 - 2014-08-07 03:32 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-07 03:32 - 2014-08-07 03:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-07 03:32 - 2014-08-07 03:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-07 03:32 - 2014-08-07 03:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-07 03:32 - 2014-08-07 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-07 03:32 - 2014-08-07 03:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-07 03:32 - 2013-10-16 17:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 21:23 - 2009-12-26 23:19 - 00000000 ____D () C:\Users\EagleEye\AppData\Local\TeamSpeak 3 Client
2014-08-06 17:38 - 2014-08-06 17:24 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\AccurateRip
2014-08-06 17:24 - 2014-08-06 17:24 - 00001042 _____ () C:\Users\Public\Desktop\Exact Audio Copy.lnk
2014-08-06 17:24 - 2014-08-06 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2014-08-06 17:24 - 2014-08-06 17:24 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-08-06 17:12 - 2010-02-13 19:14 - 00000209 _____ () C:\Users\EagleEye\Documents\ax_files.xml
2014-08-05 09:20 - 2009-10-16 21:09 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-03 17:04 - 2010-04-13 21:35 - 00000000 ____D () C:\Users\EagleEye\AppData\Local\Paint.NET
2014-08-03 17:03 - 2014-08-03 17:03 - 00001296 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-08-03 17:03 - 2010-04-13 21:36 - 00001308 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-08-03 17:03 - 2010-04-13 21:36 - 00000000 ____D () C:\Program Files\Paint.NET
2014-07-29 23:39 - 2011-04-14 20:56 - 00000000 ____D () C:\Users\EagleEye\AppData\Roaming\wargaming.net
2014-07-29 23:28 - 2014-07-29 23:28 - 00000000 ____D () C:\Users\EagleEye\Documents\Bauer Sebastian
2014-07-29 18:24 - 2010-07-09 12:28 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-29 17:40 - 2014-07-29 17:40 - 00000000 ____D () C:\Users\EagleEye\.weasis
2014-07-29 17:40 - 2009-10-16 20:50 - 00000000 ____D () C:\Users\EagleEye
2014-07-25 23:33 - 2014-07-25 23:33 - 06588275 _____ ( ) C:\Users\EagleEye\Downloads\WGStream_WoWP_0.5.exe
2014-07-25 13:22 - 2012-03-10 17:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 13:22 - 2012-03-10 17:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\EagleEye\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvqz5q5.dll
C:\Users\EagleEye\AppData\Local\Temp\Foxit Updater.exe
C:\Users\EagleEye\AppData\Local\Temp\npp.6.6.8.Installer.exe
C:\Users\EagleEye\AppData\Local\Temp\proxy_vole2886934923662173205.dll
C:\Users\EagleEye\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 21:15

==================== End Of Log ============================
         
--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by EagleEye at 2014-08-24 19:22:23
Running from F:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Application Profiles (HKLM-x32\...\{148971EC-8755-A666-D384-8F2E9E8B0DC8}) (Version: 2.0.4854.34117 - Advanced Micro Devices, Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Batman: Arkham City™ (x32 Version: 1.0.0000.131 - WB Games) Hidden
Batman: Arkham City™ (x32 Version: 1.0.0001.131 - WB Games) Hidden
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.122.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version:  - )
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Breach & Clear (HKLM-x32\...\Steam App 266130) (Version:  - Mighty Rabbit Studios)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Eidos)
Deus Ex: Human Revolution - The Missing Link (HKLM-x32\...\Steam App 201280) (Version:  - Eidos Montreal)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
EA Download Manager (x32 Version: 4.0.0.82 - Electronic Arts) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.01 - Ubisoft)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\{B961CEE2-3519-424E-80C3-D7BB3DA2688F}) (Version: 5.4.3.920 - Foxit Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Game Cam 2.6.1.0 (HKLM-x32\...\Game Cam) (Version: 2.6.1.0 - Game Cam Portal, Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.0.400 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JDownloader 2.0 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Joe (HKLM-x32\...\{2F8C3308-46DC-4431-B1C0-5C579A5CADBE}) (Version: 3.08.0100 - Wirth IT Design)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Add-on Support (HKLM-x32\...\Steam App 564) (Version:  - Valve)
Lifeless Planet (HKLM-x32\...\Steam App 261530) (Version:  - Stage 2 Studios)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.6.0.8 - Logitech) Hidden
Mediaport (HKLM-x32\...\Mediaport) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{4ACA6F0A-97D9-4CD0-9F66-2CFB30A97E3C}) (Version: 1.3.5 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-66600999-fa38-498f-9f57-9a2068c81faa) (Version:  - Epic Games, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
OpenOffice.org 3.4.1 Language Pack (German) (HKLM-x32\...\{F68B430F-CB19-4524-8E6D-4B8AE96A05FE}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2065 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version:  - FarSight Studios)
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version:  - Zen Studios)
PingPlotter Standard 3.41.0s (HKLM-x32\...\{57CE9ADD-8C74-42EF-92CE-3A7736877FB4}) (Version: 3.41.0.4 - Nessoft, LLC)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Pro Pinball - Timeshock! (HKLM-x32\...\Pro Pinball - Timeshock!) (Version:  - )
Pro Pinball: Big Race USA (Kickstarter 1998 Edition) version 1.20 (HKLM-x32\...\Pro Pinball: Big Race USA (Kickstarter 1998 Edition)_is1) (Version: 1.20 - )
Pro Pinball: Timeshock! (Kickstarter 1997 Edition) Version 1.20 (HKLM-x32\...\Pro Pinball: Timeshock! (Kickstarter 1997 Edition)_is1) (Version: 1.20 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QT Lite 3.1.0 (HKLM-x32\...\qt7lite_is1) (Version: 3.1.0 - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
RUSH (HKLM-x32\...\Steam App 38720) (Version:  - Two Tribes)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Sir, You Are Being Hunted (HKLM-x32\...\Steam App 242880) (Version:  - )
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Star Swarm Stress Test (HKLM-x32\...\Steam App 267130) (Version:  - Oxide Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
STEUEReasy 2013 (HKLM-x32\...\{4D0EAA2D-8EE2-43AB-BE00-18A1D0A9281C}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Klub 17 (HKCU\...\Klub-7) (Version: 7.5.0 - Team WRK17)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
TV-Browser 3.3.3 (HKLM-x32\...\tvbrowser) (Version: 3.3.3 - TV-Browser Team)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
ViewSonic Windows Vista x64 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder Launcher 1.0.1.335 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Win7 Taskbar v2.0 (HKLM-x32\...\Win7 Taskbar) (Version: 2.0 - Magyari Attila)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Anwendungserkennung (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
World in Conflict (HKLM-x32\...\{F11ADC64-C89E-47F4-A0B3-3665FF859397}) (Version: 1.0.1.1 - Ubisoft Entertainment)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zattoo Live TV (HKCU\...\6d7aa3e3bf931c56) (Version: 1.0.0.44 - Zattoo Europa AG)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\EagleEye\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\EagleEye\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\EagleEye\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\EagleEye\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\EagleEye\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\EagleEye\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\EagleEye\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\EagleEye\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4021553938-1782729957-2344703573-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\EagleEye\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-08-2014 09:23:40 Windows Update
12-08-2014 18:21:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-08-2014 14:31:38 Windows Update
19-08-2014 13:10:02 Windows Update
22-08-2014 15:06:58 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {071FA9F8-D774-42B6-A7A9-29A391DAEE70} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {08F5AD4E-7CDD-4F42-B589-7A44678C82DA} - System32\Tasks\{6043C27B-0031-427D-B6D5-60F2D7A09607} => D:\Steam\Steam.exe [2014-08-21] (Valve Corporation)
Task: {0A02701D-2407-4DCF-AC84-B4ADA31D5FA1} - System32\Tasks\{6443C933-3F7B-44AA-AC0F-62A42DE02CC0} => C:\Program Files (x86)\Pro Pinball\Kickstarter Editions\Timeshock!\Timeshock!.exe [2013-09-10] ()
Task: {0B35B109-A707-42ED-8245-C61663CF6337} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2BAA4264-1F04-4D59-9E53-2DA95453AAE5} - System32\Tasks\{B9CB761C-587E-4DDE-A779-800AB978C91F} => C:\Program Files (x86)\Pro Pinball\Kickstarter Editions\Timeshock!\Timeshock!.exe [2013-09-10] ()
Task: {33E08C9E-11CD-4B3C-A2A9-4410EC27C0ED} - System32\Tasks\{52E1E40B-8F1F-4139-8339-E109CE820756} => C:\Medion\Run.EXE
Task: {503F0179-CD26-4E87-A5E3-FE002456AC9A} - System32\Tasks\{337DB25A-9392-41C1-B5BA-08E10A445AB7} => C:\Medion\Run.EXE
Task: {559BC225-73B2-4947-9DB8-9F172B9816DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {56B3F50D-F39A-4B7A-AE1B-B1615B10D343} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {6174DD79-4E9E-4733-856C-FE3A40B3AC58} - System32\Tasks\{2EFB4D8E-62C1-43B9-9F22-E99EFE1DE341} => C:\Program Files (x86)\Pro Pinball\Kickstarter Editions\Timeshock!\Timeshock!.exe [2013-09-10] ()
Task: {6DC0F6D6-D790-440B-961E-19D214E89B8F} - System32\Tasks\{50556103-C283-4DA5-BD45-FF8727662800} => C:\Users\EagleEye\Desktop\GHMPVMP.exe
Task: {72D95C74-8343-475A-8FB4-13FAF5832137} - System32\Tasks\{019F13D4-03AE-4659-A6E1-EBEBA7722D16} => C:\Medion\Run.EXE
Task: {73E35972-ABF1-4769-91FC-5C9EAAB5528F} - System32\Tasks\{A2888397-5B47-4308-891B-D9A51E596D4E} => C:\Medion\Run.EXE
Task: {7A586236-B386-432D-BC3A-E3037F509605} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated)
Task: {7C09D2B6-953E-4888-8E1F-CFA7AEC08A24} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {95D6F9C4-1603-4ADF-9A8C-17DA27D879D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BB88D383-B2F7-4CEF-949A-6B83085C4951} - System32\Tasks\{602DC3A4-4AEE-4BC1-B2A0-8631D263F783} => C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\Steuer-Taxi\2009\SSE.exe
Task: {BBE3CFB7-E2A9-4BD5-A011-C7EE8A754EDA} - System32\Tasks\{1132DDEB-1C8D-453D-808D-70B7B2C24257} => C:\Medion\Run.EXE
Task: {CB46F09E-4391-470C-8E98-4FA91E4EBC4D} - System32\Tasks\Intel_C_CVPR111401SL120LGN => C:\Program Files (x86)\Intel\Intel(R) SSD Toolbox\Intel SSD Toolbox.exe [2013-12-17] (Intel)
Task: {CEB4E3EA-D9FB-46BD-A524-D4010B790B2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17] (Google Inc.)
Task: {CEF700CF-5C0F-47D9-9CEE-D42CF900C5F5} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {DADAE20D-8A11-47CA-8974-6FD3F1568EFC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F04864B6-8DEE-42BC-B106-62E03D834FB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17] (Google Inc.)
Task: {F83267A5-B971-4543-B0C6-E8E8FA701A77} - \cd4014f0 No Task File <==== ATTENTION
Task: {FF3A39BA-6189-4566-9515-C95452A3160D} - System32\Tasks\{059CBB71-8F59-4077-A0A0-853AB3DEF7D3} => C:\Users\EagleEye\Desktop\GHMPVMP.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-05 19:29 - 2014-02-05 19:29 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-04-23 19:31 - 2013-04-30 02:55 - 00425984 ___RH () C:\ProgramData\RazorU0\ntibcpsaq.exe
2012-04-19 16:48 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-04-19 16:48 - 2009-06-29 10:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-10-16 21:50 - 2007-09-13 18:05 - 00002560 _____ () C:\Windows\system32\CTXFIGER.DLL
2014-06-11 04:57 - 2014-06-11 04:57 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 04:57 - 2014-06-11 04:57 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 04:57 - 2014-06-11 04:57 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-08-14 19:27 - 2014-08-14 19:27 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e1dca04e43d05aff13c672a916b3e8ef\IsdiInterop.ni.dll
2011-05-14 16:16 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-23 16:51 - 2014-08-23 16:51 - 03736688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2014 05:52:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.0.5347, Zeitstempel: 0x53f78100
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.0.5347, Zeitstempel: 0x53f7395d
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x194
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/24/2014 02:29:53 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.   0x0.

Error: (08/24/2014 02:29:53 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (08/24/2014 02:29:53 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (08/23/2014 03:28:46 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.   0x0.

Error: (08/23/2014 03:28:46 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (08/23/2014 03:28:46 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (08/22/2014 05:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: msieftp.dll, Version: 6.1.7601.18300, Zeitstempel: 0x5270700a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000025e4f
ID des fehlerhaften Prozesses: 0x97c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (08/22/2014 05:02:41 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.   0x0.

Error: (08/22/2014 05:02:41 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog


System errors:
=============
Error: (08/24/2014 06:57:08 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (08/24/2014 06:57:08 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (08/24/2014 06:57:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (08/24/2014 06:57:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (08/24/2014 06:57:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (08/24/2014 06:57:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (08/24/2014 06:57:03 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (08/24/2014 06:57:03 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (08/24/2014 02:31:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (08/24/2014 02:31:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office Sessions:
=========================
Error: (08/24/2014 05:52:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.0.534753f78100mozalloc.dll32.0.0.534753f7395d800000030000141b19401cfbfabbe3907cdC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla180d944-2ba6-11e4-a752-bc05430514a4

Error: (08/24/2014 02:29:53 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet.   0x0

Error: (08/24/2014 02:29:53 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Error: (08/24/2014 02:29:53 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 

Error: (08/23/2014 03:28:46 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet.   0x0

Error: (08/23/2014 03:28:46 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Error: (08/23/2014 03:28:46 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 

Error: (08/22/2014 05:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4msieftp.dll6.1.7601.183005270700ac00000050000000000025e4f97c01cfbe1a1aea4043C:\Windows\Explorer.EXEC:\Windows\system32\msieftp.dllc57383db-2a0d-11e4-a323-bc05430514a4

Error: (08/22/2014 05:02:41 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet.   0x0

Error: (08/22/2014 05:02:41 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


CodeIntegrity Errors:
===================================
  Date: 2012-03-26 16:04:18.339
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\FlashUSB_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-26 16:04:18.284
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\FlashUSB_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-05-22 13:54:38.008
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\FlashUSB_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-05-22 13:54:37.998
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\FlashUSB_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-05-22 13:46:33.182
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\FlashUSB_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-05-22 13:46:33.172
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\FlashUSB_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-04-01 18:15:07.250
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\FlashUSB_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-04-01 18:15:07.250
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\FlashUSB_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 17%
Total physical RAM: 12286.3 MB
Available physical RAM: 10152.48 MB
Total Pagefile: 16380.48 MB
Available Pagefile: 13989.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Win7 SSD) (Fixed) (Total:111.79 GB) (Free:67.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Zocken) (Fixed) (Total:400 GB) (Free:73.99 GB) NTFS
Drive e: (Multimedia) (Fixed) (Total:265.75 GB) (Free:83.42 GB) NTFS
Drive f: (Sonstiges) (Fixed) (Total:265.75 GB) (Free:142.63 GB) NTFS
Drive w: (WoT) (Fixed) (Total:59.62 GB) (Free:36.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6B459E80)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5AE0064F)
Partition 2: (Active) - (Size=931.5 GB) - (Type=05)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: E8B013D0)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

25.08.2014, 12:18   #4
schrauber
/// the machine
/// TB instructor

Hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

28.08.2014, 16:59   #5
IGL

Thank you for your valuable time!

In the meantime my SSD died. So this backdoor problem is now solved as well.
Can be closed.


29.08.2014, 09:00   #6
schrauber
/// the machine
/// TB trainer

ok