| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internetverbindung schlecht, langsamer Computer und einfrieren des PC'sWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.04.2014, 10:35
| #1 |
 |  Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Hallo Liebe Community, Es geht darum, dass ich den Verdacht habe, dass mein PC stark mit Viren befallen ist. Seit einigen Wochen schon leidet die Internetverbindung extrem, Ich werde, wenn ich den Browser öffne, auf ganz komische Seiten umgeleitet, Der Pc friert manchmal einfach so ein und der Computer ist an sich recht langsam. Nun die Frage: Kann mir jemand von euch helfen diese Viren zu löschen damit der Computer wieder besser funktioniert? Danke im Vorraus! P.S. Ich benutze windows-7 Mit freundlichen Grüßen Bekir Was noch hinzuzufügen ist: Ich war schon einmal hier im Forum und hatte mein Problem mit diesem Forum geteilt. Mir wurde intensiv bei der Sache geholfen und alle Viren(zumindest die Symptome) wurden bereinigt. Da wollte ich mich nochmal bedanken. |
|
14.04.2014, 11:13
| #2 |
| Ruhe in Frieden † 2019     | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist. Posten in Code Tags Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke. Dazu:
Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
14.04.2014, 11:34
| #3 | |
| | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Addition.txt
__________________Zitat:
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by Botan (administrator) on XEBAT-PC on 14-04-2014 12:30:14
Running from C:\Users\Botan\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\Premium\MagniPic\MagniPic.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe
() C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
() C:\Program Files (x86)\PlurPush\updatePlurPush.exe
() C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Bekir&Botan\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\Bekir&Botan\AppData\Local\Akamai\netsession_win.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BugSplat, LLC) C:\Users\Bekir&Botan\Desktop\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.2.36\deploy\BsSndRpt.exe
(BugSplat, LLC) C:\Users\Bekir&Botan\Desktop\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.2.36\deploy\BsSndRpt.exe
( ) C:\Users\BEKIR&~1\AppData\Local\Temp\nsh8CB7.tmp
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe
() C:\Program Files (x86)\PlurPush\bin\FilterApp_C64.exe
() C:\Program Files (x86)\PlurPush\bin\PlurPush.BrowserAdapter.exe
(Smartbar) C:\Users\Botan\AppData\Local\Smartbar\Application\Smartbar.exe
() C:\Users\Botan\AppData\Local\Smartbar\Application\Lrcnta.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-06-29] (Siber Systems)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [Browser Infrastructure Helper] => C:\Users\Bekir&Botan\AppData\Local\Smartbar\Application\Smartbar.exe [20760 2013-11-21] (Smartbar)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [Spotify] => C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe [6087224 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [Akamai NetSession Interface] => C:\Users\Bekir&Botan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [DT Emphelungstool] => "C:\Users\Bekir&Botan\AppData\Local\Deutsche Telekom\Empfehlungstool\DTEmpfehlungstool.exe" 1
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006\...\MountPoints2: {db1faac1-9594-11e2-9446-806e6f6e6963} - D:\Start.exe
AppInit_DLLs: C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL => C:\ProgramData\Browser Stabilizer\BrowserStabilizer_x64.dll [4204032 2013-12-27] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\browse~1.dll => C:\ProgramData\Browser Stabilizer\BrowserStabilizer.dll [4242432 2013-12-27] ()
Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDY,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://cn.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCE002826F4BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDY,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDY,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDY,&q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms}
BHO: Feven 2.5 - {11111111-1111-1111-1111-110411901108} - C:\Program Files (x86)\Feven 2.5\Feven 2.5-bho64.dll (Feven)
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Feven 2.5 - {11111111-1111-1111-1111-110411901108} - C:\Program Files (x86)\Feven 2.5\Feven 2.5-bho.dll (Feven)
BHO-x32: Lyrics Monkey - {18CAEA74-C7E8-4D37-967F-1D01351BA398} - C:\Program Files (x86)\LyricsMonkey\lyricsmonkey.dll (MNDi Software)
BHO-x32: MiaggnyiPPic - {226EC5EC-B16E-A1ED-2CC5-09C8C306D073} - C:\ProgramData\MiaggnyiPPic\51c7351647449.dll ()
BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll (PlurPush)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
Chrome:
=======
CHR HomePage: http:\/\/start.mysearchdial.com\/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: http:\/\/start.mysearchdial.com\/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
CHR Extension: (Google Docs) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14]
CHR Extension: (Google Drive) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14]
CHR Extension: (YouTube) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14]
CHR Extension: (Google-Suche) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14]
CHR Extension: (MySearchDial Neuer Tab) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15]
CHR Extension: (Google Mail) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14]
CHR Extension: (Feven 2.5) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbhkhbgdaamliaimlpdlhokkecoibka [2014-01-18]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [khialnikbocfgkohdegnebhmmaifoglp] - C:\Program Files (x86)\LyricsMonkey\Chrome.crx [2013-04-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 2db04d42; C:\ProgramData\Browser Stabilizer\BrowserStabilizerSvc.dll [180048 2013-12-27] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
U4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2466080 2014-03-30] (Conduit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] ()
R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek)
R2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [31744 2013-02-18] ()
R2 Update PlurPush; C:\Program Files (x86)\PlurPush\updatePlurPush.exe [350488 2014-04-10] ()
R2 Util PlurPush; C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe [350488 2014-04-10] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-01-18] (Cherished Technololgy LIMITED)
==================== Drivers (Whitelisted) ====================
S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] ()
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [884712 2014-03-23] (TENCENT)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-30] (StdLib)
S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-14 12:30 - 2014-04-14 12:30 - 00024302 _____ () C:\Users\Botan\Downloads\FRST.txt
2014-04-14 12:30 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST
2014-04-14 12:29 - 2014-04-14 12:29 - 02157568 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe
2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup
2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG
2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software
2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software
2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7
2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6
2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5
2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4
2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk
2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3
2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D2
2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D1
2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe
2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe
2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten
2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk
2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk
2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk
2014-04-14 11:17 - 2014-04-14 11:17 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Systweak
2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk
2014-04-14 10:30 - 2014-04-14 11:10 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 10:30 - 2014-04-14 11:10 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 10:30 - 2014-04-14 10:50 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 10:30 - 2014-04-14 10:30 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 09:11 - 2014-04-14 12:22 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 09:10 - 2014-04-14 12:10 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2014-04-14 09:10 - 2014-04-14 09:10 - 00003232 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-04-14 09:09 - 2014-04-14 09:10 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\mysearchdial
2014-04-14 09:09 - 2014-04-14 09:09 - 00358193 _____ () C:\Users\Botan\AppData\Local\speedial.crx
2014-04-14 09:09 - 2014-04-14 09:09 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial
2014-04-14 09:09 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe
2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL
2014-04-13 04:05 - 2013-11-14 18:26 - 00000507 _____ () C:\Users\Botan\Desktop\readme.txt
2014-04-13 04:05 - 2013-11-14 18:25 - 00272384 _____ (QuickLoL) C:\Users\Botan\Desktop\QuickLoL Timers.exe
2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar
2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-12 08:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-12 08:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-12 08:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-12 08:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-12 08:46 - 2014-04-12 08:47 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe
2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip
2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip
2014-04-07 20:20 - 2014-04-07 20:19 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip
2014-04-07 20:19 - 2014-04-14 12:19 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-07 20:19 - 2014-04-07 20:18 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip
2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe
2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe
2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip
2014-04-07 19:44 - 2014-04-11 14:43 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung
2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp
2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends
2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-04-04 14:46 - 2014-04-04 15:22 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar
2014-04-03 22:35 - 2014-04-03 22:37 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner
2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm
2014-04-03 21:54 - 2014-04-03 21:55 - 07083256 _____ (hxxp://yourfiledownloader.com) C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe
2014-04-03 18:12 - 2014-04-03 18:12 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Systweak
2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype
2014-04-03 18:02 - 2014-04-03 18:03 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Systweak
2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt
2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt
2014-03-30 22:28 - 2014-03-31 20:55 - 00000000 ____D () C:\Users\Botan\Downloads\client
2014-03-30 22:11 - 2013-09-29 13:59 - 02407774 ____N () C:\Users\Botan\Desktop\blackmart.apk
2014-03-30 21:54 - 2014-03-30 22:28 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz
2014-03-30 17:05 - 2014-03-30 17:05 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-30 15:43 - 2014-04-14 11:48 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk
2014-03-30 15:30 - 2014-03-31 14:52 - 00000000 ____D () C:\Program Files (x86)\PlurPush
2014-03-30 15:30 - 2014-03-30 15:30 - 00001973 _____ () C:\Users\Botan\Desktop\Sync Folder.lnk
2014-03-30 15:30 - 2014-03-30 15:30 - 00001091 _____ () C:\Users\Botan\Desktop\MyPC Backup.lnk
2014-03-30 15:30 - 2014-03-30 15:30 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-30 15:29 - 2014-04-14 12:26 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Systweak
2014-03-30 15:29 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-30 15:28 - 2014-03-30 15:28 - 00000000 ____D () C:\Users\Botan\AppData\Local\Smartbar
2014-03-30 15:28 - 2014-03-30 15:28 - 00000000 ____D () C:\Users\Botan\AppData\Local\LPT
2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip
2014-03-30 15:27 - 2014-03-14 00:08 - 00630757 _____ (3DS Emulator - Pokemon X Y) C:\Users\Botan\Desktop\Pokemon XY + Emulator.exe
2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-03-29 15:40 - 2014-03-29 15:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-23 14:16 - 2014-03-23 14:16 - 00000000 ____D () C:\Program Files\Tencent
2014-03-23 14:13 - 2014-03-23 14:15 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe
2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk
2014-03-20 16:01 - 2014-03-20 16:02 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe
2014-03-20 15:59 - 2014-03-20 16:02 - 00000000 ____D () C:\Program Files (x86)\Tencent
2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk
2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2014-03-20 15:57 - 2014-03-20 15:58 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe
2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard
2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment
2014-03-20 01:17 - 2014-03-20 12:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-20 01:16 - 2014-03-23 22:43 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net
2014-03-20 01:16 - 2014-03-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net
2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe
2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-19 21:54 - 2014-03-22 01:10 - 00000000 ____D () C:\ProgramData\Tencent
2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml
2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk
2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn
2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe
2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations
2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files
2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS
2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium
2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt
2014-03-19 19:02 - 2014-03-23 22:47 - 00884712 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2014-03-19 19:02 - 2014-03-20 15:35 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk
2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ·
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ·
2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data
2014-03-18 20:41 - 2014-03-22 01:10 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Tencent
2014-03-18 20:41 - 2014-03-19 18:28 - 00000000 ____D () C:\GameDownload
2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe
2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype
2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar
==================== One Month Modified Files and Folders =======
2014-04-14 12:30 - 2014-04-14 12:30 - 00024302 _____ () C:\Users\Botan\Downloads\FRST.txt
2014-04-14 12:30 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST
2014-04-14 12:29 - 2014-04-14 12:29 - 02157568 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe
2014-04-14 12:26 - 2014-03-30 15:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Systweak
2014-04-14 12:24 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype
2014-04-14 12:24 - 2014-01-14 15:49 - 00000000 ____D () C:\Users\Botan\Documents\My RoboForm Data
2014-04-14 12:24 - 2013-06-29 13:50 - 00003976 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-04-14 12:22 - 2014-04-14 09:11 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 12:22 - 2013-03-25 23:44 - 01778423 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 12:21 - 2014-02-07 14:35 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-04-14 12:19 - 2014-04-07 20:19 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-14 12:17 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-14 12:14 - 2014-01-07 17:34 - 00000000 ___RD () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup
2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG
2014-04-14 12:10 - 2014-04-14 09:10 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software
2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software
2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7
2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6
2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5
2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4
2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk
2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-14 12:06 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3
2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D2
2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D1
2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe
2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe
2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten
2014-04-14 12:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk
2014-04-14 11:48 - 2014-03-30 15:43 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk
2014-04-14 11:22 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 11:22 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 11:21 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Spotify
2014-04-14 11:21 - 2014-01-18 00:09 - 00001328 _____ () C:\Windows\Tasks\Feven 2.5-updater.job
2014-04-14 11:21 - 2014-01-18 00:09 - 00001280 _____ () C:\Windows\Tasks\Feven 2.5-codedownloader.job
2014-04-14 11:21 - 2014-01-18 00:09 - 00001152 _____ () C:\Windows\Tasks\Feven 2.5-enabler.job
2014-04-14 11:21 - 2014-01-18 00:08 - 00002112 _____ () C:\Windows\Tasks\Feven 2.5-chromeinstaller.job
2014-04-14 11:21 - 2014-01-18 00:08 - 00002034 _____ () C:\Windows\Tasks\Feven 2.5-firefoxinstaller.job
2014-04-14 11:21 - 2013-06-23 19:00 - 00000376 ____H () C:\Windows\Tasks\MagniPicUpdaterTask{763F5F08-6C67-402E-A43C-A37A27633406}.job
2014-04-14 11:21 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk
2014-04-14 11:19 - 2014-01-18 00:09 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\newnext.me
2014-04-14 11:19 - 2013-10-23 15:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Spotify
2014-04-14 11:19 - 2013-09-30 18:50 - 00099152 _____ () C:\Users\Bekir&Botan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk
2014-04-14 11:17 - 2014-04-14 11:17 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Systweak
2014-04-14 11:16 - 2013-03-26 00:21 - 00194534 _____ () C:\Windows\PFRO.log
2014-04-14 11:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 11:16 - 2009-07-14 06:51 - 00080673 _____ () C:\Windows\setupact.log
2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk
2014-04-14 11:10 - 2014-04-14 10:30 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 11:10 - 2014-04-14 10:30 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 11:01 - 2013-03-26 00:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-14 11:01 - 2013-03-26 00:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-14 11:01 - 2013-03-26 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-14 10:50 - 2014-04-14 10:30 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 10:30 - 2014-04-14 10:30 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-14 09:10 - 2014-04-14 09:10 - 00003232 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-04-14 09:10 - 2014-04-14 09:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\mysearchdial
2014-04-14 09:09 - 2014-04-14 09:09 - 00358193 _____ () C:\Users\Botan\AppData\Local\speedial.crx
2014-04-14 09:09 - 2014-04-14 09:09 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial
2014-04-13 11:58 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Local\Spotify
2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL
2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar
2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-12 08:47 - 2014-04-12 08:46 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-12 08:47 - 2013-05-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-11 23:13 - 2014-04-14 09:09 - 01079839 _____ (AnyProtect.com) C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 14:43 - 2014-04-07 19:44 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung
2014-04-11 00:20 - 2013-04-10 13:40 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Spotify
2014-04-10 18:07 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:06 - 2009-10-14 07:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 15:58 - 2009-07-14 19:58 - 01169372 _____ () C:\Windows\system32\perfh007.dat
2014-04-10 15:58 - 2009-07-14 19:58 - 00296124 _____ () C:\Windows\system32\perfc007.dat
2014-04-10 15:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe
2014-04-09 21:10 - 2013-06-10 22:13 - 00002387 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip
2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip
2014-04-08 14:21 - 2009-07-14 06:45 - 04947952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-07 20:30 - 2014-01-07 17:34 - 00099152 _____ () C:\Users\Botan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 20:19 - 2014-04-07 20:20 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip
2014-04-07 20:19 - 2013-03-29 11:48 - 00000000 _____ () C:\END
2014-04-07 20:18 - 2014-04-07 20:19 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip
2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe
2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe
2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip
2014-04-05 23:50 - 2013-03-27 03:49 - 00000000 ____D () C:\Windows\Minidump
2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp
2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends
2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-04-04 20:01 - 2013-06-10 22:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-04 20:01 - 2013-06-10 22:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-04 15:22 - 2014-04-04 14:46 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar
2014-04-03 22:37 - 2014-04-03 22:35 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner
2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm
2014-04-03 21:55 - 2014-04-03 21:54 - 07083256 _____ (hxxp://yourfiledownloader.com) C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe
2014-04-03 18:13 - 2014-01-14 22:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Local\Akamai
2014-04-03 18:12 - 2014-04-03 18:12 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Systweak
2014-04-03 18:12 - 2013-05-01 19:43 - 00000000 ____D () C:\Users\Schule\AppData\Local\PMB Files
2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype
2014-04-03 18:09 - 2013-04-08 15:06 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Skype
2014-04-03 18:03 - 2014-04-03 18:02 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Systweak
2014-04-03 18:01 - 2013-06-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-03 18:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-03 17:58 - 2014-02-07 14:33 - 00000000 ____D () C:\Users\Botan\AppData\Local\Adobe
2014-04-03 17:55 - 2014-01-15 19:47 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Adobe
2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt
2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt
2014-03-31 20:55 - 2014-03-30 22:28 - 00000000 ____D () C:\Users\Botan\Downloads\client
2014-03-31 18:36 - 2014-01-18 00:09 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-31 14:52 - 2014-03-30 15:30 - 00000000 ____D () C:\Program Files (x86)\PlurPush
2014-03-30 22:28 - 2014-03-30 21:54 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz
2014-03-30 17:05 - 2014-03-30 17:05 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-30 15:30 - 2014-03-30 15:30 - 00001973 _____ () C:\Users\Botan\Desktop\Sync Folder.lnk
2014-03-30 15:30 - 2014-03-30 15:30 - 00001091 _____ () C:\Users\Botan\Desktop\MyPC Backup.lnk
2014-03-30 15:30 - 2014-03-30 15:30 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-30 15:28 - 2014-03-30 15:28 - 00000000 ____D () C:\Users\Botan\AppData\Local\Smartbar
2014-03-30 15:28 - 2014-03-30 15:28 - 00000000 ____D () C:\Users\Botan\AppData\Local\LPT
2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip
2014-03-30 12:17 - 2014-01-18 15:23 - 00000000 ____D () C:\Program Files (x86)\RIFT
2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-03-29 15:40 - 2014-03-29 15:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-26 22:36 - 2013-04-11 13:25 - 00000000 ____D () C:\Users\Schule\Desktop\Bilder
2014-03-23 22:47 - 2014-03-19 19:02 - 00884712 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2014-03-23 22:43 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net
2014-03-23 14:25 - 2013-11-10 21:39 - 00000000 ____D () C:\download
2014-03-23 14:16 - 2014-03-23 14:16 - 00000000 ____D () C:\Program Files\Tencent
2014-03-23 14:15 - 2014-03-23 14:13 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe
2014-03-23 05:55 - 2013-10-03 19:32 - 00000062 _____ () C:\Users\Bekir&Botan\Desktop\settings.json
2014-03-22 01:10 - 2014-03-19 21:54 - 00000000 ____D () C:\ProgramData\Tencent
2014-03-22 01:10 - 2014-03-18 20:41 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Tencent
2014-03-21 23:07 - 2014-03-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk
2014-03-20 16:02 - 2014-03-20 16:01 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe
2014-03-20 16:02 - 2014-03-20 15:59 - 00000000 ____D () C:\Program Files (x86)\Tencent
2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk
2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2014-03-20 15:58 - 2014-03-20 15:57 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe
2014-03-20 15:35 - 2014-03-19 19:02 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk
2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard
2014-03-20 12:02 - 2014-03-20 01:17 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment
2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net
2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe
2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml
2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk
2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn
2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe
2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations
2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files
2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS
2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium
2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt
2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ·
2014-03-19 18:57 - 2013-03-26 04:53 - 00155987 _____ () C:\Windows\DirectX.log
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ·
2014-03-19 18:28 - 2014-03-18 20:41 - 00000000 ____D () C:\GameDownload
2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data
2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe
2014-03-18 20:25 - 2013-05-27 21:48 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Spotify
2014-03-18 20:24 - 2013-05-27 21:49 - 00000000 ____D () C:\Users\Xebat\AppData\Local\Spotify
2014-03-18 20:21 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype
2014-03-18 18:41 - 2013-04-08 15:06 - 00000000 ____D () C:\ProgramData\Skype
2014-03-18 18:23 - 2014-01-07 17:34 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Apple Computer
2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar
Some content of TEMP:
====================
C:\Users\Bekir&Botan\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bekir&Botan\AppData\Local\Temp\DelayInst.exe
C:\Users\Bekir&Botan\AppData\Local\Temp\installservice.exe
C:\Users\Bekir&Botan\AppData\Local\Temp\iobwnedxjvdevl.exe
C:\Users\Bekir&Botan\AppData\Local\Temp\NGMDll.dll
C:\Users\Bekir&Botan\AppData\Local\Temp\NGMResource.dll
C:\Users\Bekir&Botan\AppData\Local\Temp\NGMSetup.exe
C:\Users\Bekir&Botan\AppData\Local\Temp\Profiles.exe
C:\Users\Bekir&Botan\AppData\Local\Temp\unicows.dll
C:\Users\Bekir&Botan\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\Botan\AppData\Local\Temp\1_Offer_9.exe
C:\Users\Botan\AppData\Local\Temp\BackupSetup.exe
C:\Users\Botan\AppData\Local\Temp\DownloadManager.exe
C:\Users\Botan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Botan\AppData\Local\Temp\nsiA7B8.exe
C:\Users\Botan\AppData\Local\Temp\sp-downloader.exe
C:\Users\Botan\AppData\Local\Temp\TXPltSafeInit.dll
C:\Users\Schule\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Schule\AppData\Local\Temp\gnsocaby.dll
C:\Users\Schule\AppData\Local\Temp\hrxha0hy.dll
C:\Users\Schule\AppData\Local\Temp\instloffer.exe
C:\Users\Schule\AppData\Local\Temp\itinstallerp.exe
C:\Users\Schule\AppData\Local\Temp\OnlineWeatherSetup.exe
C:\Users\Schule\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Schule\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Schule\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Schule\AppData\Local\Temp\uninst1.exe
C:\Users\Schule\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Schule\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Xebat\AppData\Local\Temp\bitool.dll
C:\Users\Xebat\AppData\Local\Temp\DeltaTB.exe
C:\Users\Xebat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Xebat\AppData\Local\Temp\LyricsPal.exe
C:\Users\Xebat\AppData\Local\Temp\lyricstmp.exe
C:\Users\Xebat\AppData\Local\Temp\MixiDJToolbar_yh.exe
C:\Users\Xebat\AppData\Local\Temp\ose00000.exe
C:\Users\Xebat\AppData\Local\Temp\vlc-2.0.6-win64.exe
C:\Users\Xebat\AppData\Local\Temp\wajam_install.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-10 20:32
==================== End Of Log ============================
--- --- --- --- --- --- |
|
14.04.2014, 21:10
| #4 |
| Ruhe in Frieden † 2019 | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Hallo bekirikus, gibt es einen bestimmten Grund, warum auf dem Rechner kein Antivirenprogramm drauf ist? Sagt dir eine Softwarefirma namens Tencent etwas? In deiner Programmliste befindet sich ein Eintrag von denen. Schritt 1 Bitte deinstalliere folgende Programme (falls vorhanden) : Browser Stabilizer Bundled software uninstaller DMUninstaller Feven 2.5 FilesFrog Update Checker Lyrics Monkey MagniPic MyPC Backup Mysearchdial SoftwareUpdater WPM17.8.0.3325 Dazu gehe auf: den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen Falls du Probleme mit der Deinstallation eines der genannten Programme haben solltest, dann benutze den Revo-uninstaller dafür. Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 4 Starte noch einmal FRST.
|
|
15.04.2014, 13:46
| #5 |
| | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Tencent sagt mir jetzt nichts :O. Zu den Virenprogrammen kann ich nur sagen, dass ich immer die falschen raussuche und diese sich dann als Viren herausstellen.. Würde mich freuen wenn du mir ein Programm(kostenlos) empfehlen könntest. AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 15/04/2014 um 13:08:23
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzername : Botan - XEBAT-PC
# Gestartet von : C:\Users\Botan\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\StarApp
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Tencent
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\MiaggnyiPPic
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\MagniPic
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\Tencent
Ordner Gelöscht : C:\Program Files (x86)\XingHaoLyrics
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tencent
Ordner Gelöscht : C:\Program Files\Tencent
Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\Xebat\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Xebat\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Xebat\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Xebat\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Xebat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\Schule\AppData\Local\webplayer
Ordner Gelöscht : C:\Users\Schule\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Schule\AppData\LocalLow\mixidj
Ordner Gelöscht : C:\Users\Schule\AppData\LocalLow\MiaggnyiPPic
Ordner Gelöscht : C:\Users\Schule\AppData\Roaming\BitLord
Ordner Gelöscht : C:\Users\Schule\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Schule\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Schule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gelöscht : C:\Users\Schule\Documents\BitLord
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\LocalLow\mixidj
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\LocalLow\MiaggnyiPPic
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Roaming\newnext.me
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Bekir&Botan\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Botan\AppData\Local\LPT
Ordner Gelöscht : C:\Users\Botan\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Botan\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Botan\AppData\Local\Temp\Tencent
Ordner Gelöscht : C:\Users\Botan\AppData\LocalLow\mixidj
Ordner Gelöscht : C:\Users\Botan\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Botan\AppData\LocalLow\MiaggnyiPPic
Ordner Gelöscht : C:\Users\Botan\AppData\Roaming\Mysearchdial
Ordner Gelöscht : C:\Users\Botan\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Botan\AppData\Roaming\Tencent
Ordner Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
Ordner Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\Extensions\ffxtlbr@mixidj.com
Ordner Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\Extensions\staged
Ordner Gelöscht : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\kh6wqhhj.default\Extensions\staged
Ordner Gelöscht : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\wptsnvzn.default-1367853308201\Extensions\staged
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Roaming\Mozilla\Firefox\Profiles\yxwdkydi.default\Extensions\staged
Ordner Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Ordner Gelöscht : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Datei Gelöscht : C:\Users\Bekir&Botan\Desktop\Search.lnk
Datei Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\kh6wqhhj.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\searchplugins\mixidj.xml
Datei Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\kh6wqhhj.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\wptsnvzn.default-1367853308201\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Bekir&Botan\AppData\Roaming\Mozilla\Firefox\Profiles\yxwdkydi.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\kh6wqhhj.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Bekir&Botan\AppData\Roaming\Mozilla\Firefox\Profiles\yxwdkydi.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\user.js
Datei Gelöscht : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\kh6wqhhj.default\user.js
Datei Gelöscht : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\wptsnvzn.default-1367853308201\user.js
Datei Gelöscht : C:\Users\Bekir&Botan\AppData\Roaming\Mozilla\Firefox\Profiles\yxwdkydi.default\user.js
Datei Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Datei Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Botan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\5208adbe16fee43
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_actual-booster_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_actual-booster_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_skypelogview_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_skypelogview_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{226EC5EC-B16E-A1ED-2CC5-09C8C306D073}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{226EC5EC-B16E-A1ED-2CC5-09C8C306D073}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\mysearchdial.com
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TENCENT
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\TENCENT
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\nationzoomSoftware
Schlüssel Gelöscht : HKLM\Software\SoftwareUpdater
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16476
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5IJzD1I[...]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "143df47e901d5f1afaf10e9892e57d3e");
Zeile gelöscht : user_pref("extensions.mixidj.tlbrId", "mdelta");
Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "5921");
Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false");
Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false");
Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":1379,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...]
Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false");
Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.amazon_product.priam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...]
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.amazon_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...]
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.imdb.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['W[...]
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1365245657839 - onFlagInfoReceived - Server mapping version (client-side): 0.21086\n1365245657839 - onFlagInfoReceived - Same server mapping version, don't upd[...]
Zeile gelöscht : user_pref("extensions.wajam.unique_id", "2BAE65D8B6B1C5AEA46FD1876421E2C2");
Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
Zeile gelöscht : user_pref("extensions.wajam.version", "1.26");
Zeile gelöscht : user_pref("extensions.wajam.website_version", "1.00271.0");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiH[...]
[ Datei : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\kh6wqhhj.default\prefs.js ]
Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5IJzD1I[...]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD[...]
Zeile gelöscht : user_pref("extensions.51c735164736a.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self==window.top){var script=document.createElem[...]
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("extensions.crossrider.bic", "143d322eb8e7dd5d5d40dc19140f2132");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiH[...]
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");
[ Datei : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\wptsnvzn.default-1367853308201\prefs.js ]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD[...]
[ Datei : C:\Users\Bekir&Botan\AppData\Roaming\Mozilla\Firefox\Profiles\yxwdkydi.default\prefs.js ]
Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5IJzD1I[...]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "nationzoom");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=hp&fr=linkury-tb&installDate=14/01/2014&ty[...]
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("extensions.crossrider.bic", "143a2d2bba07b56ec54849a93dd5b919");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&fr=linkury-tb&installDate=14/01/2014&type=hp1000&p="[...]
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
[ Datei : C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\prefs.js ]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "145649c8d427189e17acc34ad9fe9147");
-\\ Google Chrome v34.0.1847.116
[ Datei : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
[ Datei : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
[ Datei : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : icon_url
*************************
AdwCleaner[R0].txt - [37437 octets] - [15/04/2014 13:07:13]
AdwCleaner[S0].txt - [30407 octets] - [15/04/2014 13:08:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30468 octets] ##########
+++ mbam.txt konnte ich hier nicht reinkopieren da beim erstellen der datei das gesamte Programm abgestürtzt ist +++ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by Botan at 2014-04-15 14:10:42
Running from C:\Users\Botan\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)
½£Áé_ÌÚѶ (HKLM-x32\...\½£Áé_ÌÚѶ) (Version: - Tencent)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1701BD02-09B9-B25B-8290-C7D6A33C5A75}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version: - WEBZEN)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
China Localization Patcher (HKLM-x32\...\{358B9F54-BFA2-4FC4-8134-CA786EC84260}) (Version: 1.5.1.0 - LokiReborn)
Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - )
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com)
Crossfire Europe (HKLM-x32\...\Crossfire Europe) (Version: 1197 - SG INTERACTIVE)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Don't Starve (HKLM-x32\...\DontStarve) (Version: - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve )
Dr. Hardware 2013 13.0d (HKLM-x32\...\Dr. Hardware 2013_is1) (Version: - Peter A. Gebhard)
Easy Tune 6 B11.0427.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0427.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video to MP3 Converter version 5.0.23.320 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
InfiniteCrisis (HKLM-x32\...\InfiniteCrisis) (Version: - Turbine, Inc)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
ÌÚѶÓÎϷƽ̨ (HKLM-x32\...\ÌÚѶÓÎϷƽ̨Formal) (Version: - Tencent)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kingdoms of Amalur™ Reckoning DELUXE EDITION (HKLM-x32\...\Kingdoms of Amalur™ Reckoning DELUXE EDITION_is1) (Version: 1.0.0.2 - QfG)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LevelOne WUA-0605 Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0113 - LevelOne)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mass Effect Deluxe Edition (HKLM-x32\...\{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1) (Version: v1.02 - The Most Electrifying Man)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
mHotspot version 6.4.0.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 6.4.0.0 - mHotspot, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 17.0.5 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.5 (x86 de)) (Version: 17.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version: - )
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero Control Center 10 (x32 Version: 10.2.11900.1.9 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18400.9.0 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140120.76235 - Square Enix Ltd)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PlurPush (HKLM\...\PlurPush) (Version: 2014.03.28.231718 - PlurPush)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RIFT (HKCU\...\RIFT) (Version: - Trion Worlds, Inc.)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.5.201304180917 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Thread Manager 2.4.0.0 (HKLM-x32\...\{78F4E027-355C-45C0-90DC-F89DFC618761}_is1) (Version: 2.4.0.0 - Digital Generation)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version: - Microsoft)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden
网游加速小助手(剑灵) (HKLM-x32\...\网游加速小助手(剑灵)) (Version: 2.0.45.89 - Copyright (C) 2013 Tencent)
==================== Restore Points =========================
10-04-2014 16:06:12 Windows Update
12-04-2014 06:45:18 Installed Java 7 Update 51
14-04-2014 10:07:20 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)
14-04-2014 10:08:44 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)
14-04-2014 10:11:19 Revo Uninstaller's restore point - RegClean Pro
14-04-2014 10:15:05 Revo Uninstaller's restore point - Yahoo Community Smartbar
14-04-2014 10:16:08 Revo Uninstaller's restore point - VO Package
14-04-2014 10:17:11 Revo Uninstaller's restore point - Shopping Helper Smartbar Engine
14-04-2014 10:18:08 Revo Uninstaller's restore point - Shopping Helper Smartbar
14-04-2014 10:19:16 Revo Uninstaller's restore point - Search Protect
14-04-2014 10:20:20 Revo Uninstaller's restore point - PDF24 Creator 6.3.1
14-04-2014 10:21:52 Revo Uninstaller's restore point - BlockAndSurf
14-04-2014 10:23:16 Revo Uninstaller's restore point - RoboForm 7-9-0-0 (All Users)
14-04-2014 10:25:22 Revo Uninstaller's restore point - MixiDJ Toolbar
14-04-2014 10:26:16 Revo Uninstaller's restore point - Advanced System Protector
14-04-2014 10:27:23 Revo Uninstaller's restore point - AnyProtect
15-04-2014 10:34:47 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {002BED3E-0919-4BBA-995C-03DF069AAFAC} - System32\Tasks\Opera D6 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {037DF9E7-FADB-45C4-B37F-AB10B1FD36D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {08C53256-84E4-4A93-9D31-4012A0E1265A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)
Task: {0B690F27-DA5A-4C5E-8AF6-045ABC577E99} - System32\Tasks\Opera D2 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {248AD0D2-7E7E-4D32-81AB-FA015E15B550} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-14] (Adobe Systems Incorporated)
Task: {248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {32E2FB49-08D2-4DBE-93C7-4EC65EC0EC27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)
Task: {349B0F97-B431-456B-B666-EB392A49DA97} - System32\Tasks\{EB1A13EA-FB01-4D59-99CA-D755078280C9} => Firefox.exe
Task: {358D2FBC-F05A-4FC4-AE91-FC65E464D2C0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {4D706DDF-EC04-4E4E-BA67-1F48DEAD41DF} - System32\Tasks\{7636DB98-A8B0-4C6C-B62E-77A875639331} => Firefox.exe
Task: {743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {91A8BAED-7921-4F64-8D8F-23A72868DD67} - System32\Tasks\Opera D7 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {9503C1BF-E2EA-4760-BD4F-F7647B362EEA} - System32\Tasks\{BE28D158-551B-4294-9100-DA3EFCA27DD3} => Firefox.exe
Task: {A3BF923E-AA25-43DC-B5EC-2164F85BE938} - System32\Tasks\Opera D3 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {B1809AF3-F82A-4DB0-9E89-832BB19903CF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B463C9EE-9821-4903-8D31-3266E2131E4A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMPMNJLMMJMMKMLJJJCNOMKMJJKMCNLMIMNJHMCNGMOMOMJMCNLMLJNJHMPMNMOJIMJJHMKMOMJNJICMIMCNGMCNPMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMNMHMHMJNHICMEKMICNJJCKJNBJCMNLAJLIOJBJJNKJCMJNNICMJNDJCMLJKJ"
Task: {C3C1E073-17C1-4AD7-888A-EFA9E57142B8} - System32\Tasks\Opera D4 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {C9235D0C-6F53-4B69-AC9C-53FC28D920D7} - System32\Tasks\{3AD24F87-9E1D-4000-88A5-34C6683E7650} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.59.104/de/abandoninstall?page=tsProgressBar
Task: {FA300F06-B62E-4AA8-AC6E-3FA665C44822} - System32\Tasks\Opera D5 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-12-19 17:32 - 2012-12-19 17:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 20:39 - 2012-10-17 20:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 20:39 - 2012-10-17 20:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 17:32 - 2012-12-19 17:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-06-01 16:12 - 2013-06-01 16:12 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-01 16:12 - 2013-06-01 16:12 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-29 01:17 - 2014-04-15 11:27 - 00350488 _____ () C:\Program Files (x86)\PlurPush\updatePlurPush.exe
2014-03-30 16:34 - 2014-04-15 10:54 - 00350488 _____ () C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe
2013-05-17 13:32 - 2013-03-01 14:13 - 01300816 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2013-05-17 13:36 - 2014-03-29 11:00 - 05329400 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
2013-07-10 10:56 - 2013-07-10 10:56 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\LolClient.exe
2013-05-17 13:36 - 2014-04-03 14:26 - 16510456 _____ () C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.17\deploy\League of Legends.exe
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-03-26 00:02 - 2009-12-09 15:20 - 00126976 ____R () C:\Program Files (x86)\LevelOne\WUA-0605\EnumDevLib.dll
2014-03-18 18:05 - 2014-03-18 18:05 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-18 17:01 - 2014-03-28 15:40 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-09-07 17:04 - 2014-03-29 11:00 - 00264696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\RiotLauncher.dll
2013-05-17 13:36 - 2014-04-03 14:26 - 01494520 _____ () C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.17\deploy\RiotLauncher.dll
2013-09-07 17:25 - 2014-03-29 11:00 - 00380408 _____ () C:\Riot Games\League of Legends\RADS\RiotRadsIO.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/15/2014 02:06:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xf00
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Error: (04/15/2014 02:04:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xbc4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Error: (04/15/2014 02:03:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xa9c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Error: (04/15/2014 01:01:08 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.
Error: (04/15/2014 01:01:07 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.
Error: (04/15/2014 01:01:06 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.
Error: (04/15/2014 01:01:04 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.
Error: (04/15/2014 01:00:10 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.
Error: (04/15/2014 01:00:09 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.
Error: (04/15/2014 01:00:07 PM) (Source: MagniPicUpdater) (User: )
Description: BITS download job failed -2145386479 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht verfügbar.
System errors:
=============
Error: (04/15/2014 01:10:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%126
Error: (04/15/2014 01:01:57 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/15/2014 10:51:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%126
Error: (04/14/2014 11:19:01 AM) (Source: Service Control Manager) (User: )
Description: Dienst "BlockAndSurf" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/14/2014 11:18:47 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde nicht richtig gestartet.
Error: (04/14/2014 11:17:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%126
Error: (04/14/2014 11:17:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/14/2014 11:17:26 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
Error: (04/14/2014 11:16:52 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 14.04.2014 um 11:15:59 unerwartet heruntergefahren.
Error: (04/14/2014 11:15:10 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 14.04.2014 um 11:14:02 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 72%
Total physical RAM: 4093.55 MB
Available physical RAM: 1144.36 MB
Total Pagefile: 8185.25 MB
Available Pagefile: 4780.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:137.93 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6312B514)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
15.04.2014, 13:47
| #6 |
| | Internetverbindung schlecht, langsamer Computer und einfrieren des PC'sFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014 Ran by Botan (administrator) on XEBAT-PC on 15-04-2014 14:10:08 Running from C:\Users\Botan\Downloads Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe () C:\Program Files (x86)\PlurPush\updatePlurPush.exe () C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\LolClient.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe () C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.17\deploy\League of Legends.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation) HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify Web Helper] => C:\Users\Xebat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-01-29] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify] => C:\Users\Xebat\AppData\Roaming\Spotify\spotify.exe [4640768 2014-01-29] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {20ff1223-bee4-11e2-9105-50e549d5f581} - F:\Startme.exe HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {797d9470-95aa-11e2-8f78-50e549d5f581} - E:\Setup.exe HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4284976 2013-05-01] () HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [SDP] => C:\Users\Schule\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Online Weather] => C:\Users\Schule\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify] => C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe [6087224 2014-04-11] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Windows Defender] => C:\ProgramData\Windows\System32\Windows Defender\Definition Update\windef.exe [313344 2013-07-01] (Windows Defender) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3551576 2014-01-16] (Electronic Arts) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [ThreadManager.exe] => C:\Program Files (x86)\Thread Manager\ThreadManager.exe [12322584 2013-07-04] (Digital Generation Inc.) HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {fe4d9a5b-d903-11e2-9673-50e549d5f581} - F:\LGAutoRun.exe HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [RoboForm] => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Browser Infrastructure Helper] => C:\Users\Bekir&Botan\AppData\Local\Smartbar\Application\Smartbar.exe startup HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify] => C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe [6087224 2014-04-11] (Spotify Ltd) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Bekir&Botan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.) HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DT Emphelungstool] => "C:\Users\Bekir&Botan\AppData\Local\Deutsche Telekom\Empfehlungstool\DTEmpfehlungstool.exe" 1 HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {db1faac1-9594-11e2-9446-806e6f6e6963} - D:\Start.exe Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN???????? ????; (MSN????) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCE002826F4BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR DefaultSearchKeyword: mysearchdial.com CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR Extension: (Google Docs) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: (Google Drive) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Google Search) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (MySearchDial __MSG_newtab__) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-14] CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15] CHR Extension: (Gmail) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] () R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) R2 Update PlurPush; C:\Program Files (x86)\PlurPush\updatePlurPush.exe [350488 2014-04-15] () R2 Util PlurPush; C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe [350488 2014-04-15] () ==================== Drivers (Whitelisted) ==================== S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 TesSafe; C:\Windows\system32\TesSafe.sys [884712 2014-03-23] (TENCENT) R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-30] (StdLib) S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-15 14:09 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-15 13:14 - 2014-04-15 14:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-15 13:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-15 13:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:07 - 2014-04-15 13:09 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:31 - 2014-04-14 12:31 - 00044435 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-14 12:30 - 2014-04-15 14:10 - 00018566 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-14 12:30 - 2014-04-15 14:10 - 00000000 ____D () C:\FRST 2014-04-14 12:29 - 2014-04-15 14:09 - 02054144 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D2 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 10:30 - 2014-04-14 11:10 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-04-14 10:30 - 2014-04-14 11:10 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-04-14 10:30 - 2014-04-14 10:50 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-04-14 10:30 - 2014-04-14 10:30 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-04-14 09:11 - 2014-04-14 12:22 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-04-14 09:09 - 2014-04-14 09:09 - 00358193 _____ () C:\Users\Botan\AppData\Local\speedial.crx 2014-04-14 09:09 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:05 - 2013-11-14 18:26 - 00000507 _____ () C:\Users\Botan\Desktop\readme.txt 2014-04-13 04:05 - 2013-11-14 18:25 - 00272384 _____ (QuickLoL) C:\Users\Botan\Desktop\QuickLoL Timers.exe 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-12 08:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-12 08:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-12 08:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-12 08:46 - 2014-04-12 08:47 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-07 20:20 - 2014-04-07 20:19 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:19 - 2014-04-07 20:18 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-07 19:44 - 2014-04-11 14:43 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 14:46 - 2014-04-04 15:22 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 22:35 - 2014-04-03 22:37 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm 2014-04-03 21:54 - 2014-04-03 21:55 - 07083256 _____ (Welcome to YourFile Downloader!) C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-30 22:28 - 2014-03-31 20:55 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:11 - 2013-09-29 13:59 - 02407774 ____N () C:\Users\Botan\Desktop\blackmart.apk 2014-03-30 21:54 - 2014-03-30 22:28 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 17:05 - 2014-03-30 17:05 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys 2014-03-30 15:43 - 2014-04-14 11:48 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-03-30 15:30 - 2014-04-15 13:19 - 00000000 ____D () C:\Program Files (x86)\PlurPush 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 15:27 - 2014-03-14 00:08 - 00630757 _____ (3DS Emulator - Pokemon X Y) C:\Users\Botan\Desktop\Pokemon XY + Emulator.exe 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-29 15:40 - 2014-03-29 15:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-23 14:13 - 2014-03-23 14:15 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:01 - 2014-03-20 16:02 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:57 - 2014-03-20 15:58 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 12:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-23 22:43 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-20 01:16 - 2014-03-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-23 22:47 - 00884712 _____ (TENCENT) C:\Windows\system32\TesSafe.sys 2014-03-19 19:02 - 2014-03-20 15:35 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:41 - 2014-03-19 18:28 - 00000000 ____D () C:\GameDownload 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar ==================== One Month Modified Files and Folders ======= 2014-04-15 14:10 - 2014-04-14 12:30 - 00018566 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-15 14:10 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST 2014-04-15 14:09 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-15 14:09 - 2014-04-14 12:29 - 02054144 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-15 14:06 - 2014-04-15 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 14:06 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-15 14:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-15 13:19 - 2014-03-30 15:30 - 00000000 ____D () C:\Program Files (x86)\PlurPush 2014-04-15 13:15 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-15 13:15 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-15 13:14 - 2013-03-25 23:44 - 01857641 _____ () C:\Windows\WindowsUpdate.log 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:10 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-15 13:10 - 2013-03-26 00:21 - 00201786 _____ () C:\Windows\PFRO.log 2014-04-15 13:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-15 13:10 - 2009-07-14 06:51 - 00081401 _____ () C:\Windows\setupact.log 2014-04-15 13:09 - 2014-04-15 13:07 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:09 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-04-15 13:08 - 2013-06-10 22:13 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-15 13:08 - 2013-03-26 00:11 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-15 13:07 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-15 13:01 - 2013-06-23 18:59 - 00000000 ____D () C:\ProgramData\InstallMate 2014-04-15 10:50 - 2014-02-07 14:35 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-04-14 23:40 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Spotify 2014-04-14 17:58 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Local\Spotify 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:31 - 2014-04-14 12:31 - 00044435 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-14 12:24 - 2014-01-14 15:49 - 00000000 ____D () C:\Users\Botan\Documents\My RoboForm Data 2014-04-14 12:24 - 2013-06-29 13:50 - 00003976 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-04-14 12:22 - 2014-04-14 09:11 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-04-14 12:14 - 2014-01-07 17:34 - 00000000 ___RD () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D2 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:48 - 2014-03-30 15:43 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:19 - 2013-10-23 15:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Spotify 2014-04-14 11:19 - 2013-09-30 18:50 - 00099152 _____ () C:\Users\Bekir&Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:10 - 2014-04-14 10:30 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-04-14 11:10 - 2014-04-14 10:30 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-04-14 11:01 - 2013-03-26 00:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 11:01 - 2013-03-26 00:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 11:01 - 2013-03-26 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 10:50 - 2014-04-14 10:30 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-04-14 10:30 - 2014-04-14 10:30 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-04-14 10:30 - 2014-04-14 10:30 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-14 09:09 - 2014-04-14 09:09 - 00358193 _____ () C:\Users\Botan\AppData\Local\speedial.crx 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2014-04-12 08:46 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-12 08:47 - 2013-05-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-11 23:13 - 2014-04-14 09:09 - 01079839 _____ (AnyProtect.com) C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe 2014-04-11 14:43 - 2014-04-07 19:44 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-11 00:20 - 2013-04-10 13:40 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Spotify 2014-04-10 18:07 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 18:06 - 2009-10-14 07:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 15:58 - 2009-07-14 19:58 - 01169372 _____ () C:\Windows\system32\perfh007.dat 2014-04-10 15:58 - 2009-07-14 19:58 - 00296124 _____ () C:\Windows\system32\perfc007.dat 2014-04-10 15:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-08 14:21 - 2009-07-14 06:45 - 04947952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-07 20:30 - 2014-01-07 17:34 - 00099152 _____ () C:\Users\Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 20:19 - 2014-04-07 20:20 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:18 - 2014-04-07 20:19 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-05 23:50 - 2013-03-27 03:49 - 00000000 ____D () C:\Windows\Minidump 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 20:01 - 2013-06-10 22:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-04 20:01 - 2013-06-10 22:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-04 15:22 - 2014-04-04 14:46 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 22:37 - 2014-04-03 22:35 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm 2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm 2014-04-03 21:55 - 2014-04-03 21:54 - 07083256 _____ (Welcome to YourFile Downloader!) C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe 2014-04-03 18:13 - 2014-01-14 22:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Local\Akamai 2014-04-03 18:12 - 2013-05-01 19:43 - 00000000 ____D () C:\Users\Schule\AppData\Local\PMB Files 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-03 18:09 - 2013-04-08 15:06 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Skype 2014-04-03 18:01 - 2013-06-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-03 18:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-03 17:58 - 2014-02-07 14:33 - 00000000 ____D () C:\Users\Botan\AppData\Local\Adobe 2014-04-03 17:55 - 2014-01-15 19:47 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Adobe 2014-04-03 09:51 - 2014-04-15 13:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-15 13:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-15 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-31 20:55 - 2014-03-30 22:28 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:28 - 2014-03-30 21:54 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 17:05 - 2014-03-30 17:05 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 12:17 - 2014-01-18 15:23 - 00000000 ____D () C:\Program Files (x86)\RIFT 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-29 15:40 - 2014-03-29 15:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-26 22:36 - 2013-04-11 13:25 - 00000000 ____D () C:\Users\Schule\Desktop\Bilder 2014-03-23 22:47 - 2014-03-19 19:02 - 00884712 _____ (TENCENT) C:\Windows\system32\TesSafe.sys 2014-03-23 22:43 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-23 14:25 - 2013-11-10 21:39 - 00000000 ____D () C:\download 2014-03-23 14:15 - 2014-03-23 14:13 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-23 05:55 - 2013-10-03 19:32 - 00000062 _____ () C:\Users\Bekir&Botan\Desktop\settings.json 2014-03-21 23:07 - 2014-03-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:02 - 2014-03-20 16:01 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:58 - 2014-03-20 15:57 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 15:35 - 2014-03-19 19:02 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 12:02 - 2014-03-20 01:17 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:57 - 2013-03-26 04:53 - 00155987 _____ () C:\Windows\DirectX.log 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-19 18:28 - 2014-03-18 20:41 - 00000000 ____D () C:\GameDownload 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 20:25 - 2013-05-27 21:48 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Spotify 2014-03-18 20:24 - 2013-05-27 21:49 - 00000000 ____D () C:\Users\Xebat\AppData\Local\Spotify 2014-03-18 20:21 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:41 - 2013-04-08 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-03-18 18:23 - 2014-01-07 17:34 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Apple Computer 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar Some content of TEMP: ==================== C:\Users\Bekir&Botan\AppData\Local\Temp\BackupSetup.exe C:\Users\Bekir&Botan\AppData\Local\Temp\DelayInst.exe C:\Users\Bekir&Botan\AppData\Local\Temp\installservice.exe C:\Users\Bekir&Botan\AppData\Local\Temp\iobwnedxjvdevl.exe C:\Users\Bekir&Botan\AppData\Local\Temp\NGMDll.dll C:\Users\Bekir&Botan\AppData\Local\Temp\NGMResource.dll C:\Users\Bekir&Botan\AppData\Local\Temp\NGMSetup.exe C:\Users\Bekir&Botan\AppData\Local\Temp\Profiles.exe C:\Users\Bekir&Botan\AppData\Local\Temp\unicows.dll C:\Users\Bekir&Botan\AppData\Local\Temp\vpnclient_setup.exe C:\Users\Botan\AppData\Local\Temp\1_Offer_9.exe C:\Users\Botan\AppData\Local\Temp\BackupSetup.exe C:\Users\Botan\AppData\Local\Temp\bi_cleaner.exe C:\Users\Botan\AppData\Local\Temp\DownloadManager.exe C:\Users\Botan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Botan\AppData\Local\Temp\nsiA7B8.exe C:\Users\Botan\AppData\Local\Temp\Quarantine.exe C:\Users\Botan\AppData\Local\Temp\sp-downloader.exe C:\Users\Botan\AppData\Local\Temp\TXPltSafeInit.dll C:\Users\Schule\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe C:\Users\Schule\AppData\Local\Temp\gnsocaby.dll C:\Users\Schule\AppData\Local\Temp\hrxha0hy.dll C:\Users\Schule\AppData\Local\Temp\instloffer.exe C:\Users\Schule\AppData\Local\Temp\itinstallerp.exe C:\Users\Schule\AppData\Local\Temp\OnlineWeatherSetup.exe C:\Users\Schule\AppData\Local\Temp\SkypeSetup.exe C:\Users\Schule\AppData\Local\Temp\SpotifyUpgrader.exe C:\Users\Schule\AppData\Local\Temp\swt-win32-3740.dll C:\Users\Schule\AppData\Local\Temp\uninst1.exe C:\Users\Schule\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\Schule\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\Xebat\AppData\Local\Temp\bitool.dll C:\Users\Xebat\AppData\Local\Temp\DeltaTB.exe C:\Users\Xebat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Xebat\AppData\Local\Temp\LyricsPal.exe C:\Users\Xebat\AppData\Local\Temp\lyricstmp.exe C:\Users\Xebat\AppData\Local\Temp\MixiDJToolbar_yh.exe C:\Users\Xebat\AppData\Local\Temp\ose00000.exe C:\Users\Xebat\AppData\Local\Temp\vlc-2.0.6-win64.exe C:\Users\Xebat\AppData\Local\Temp\wajam_install.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 20:32 ==================== End Of Log ============================ ... |
|
15.04.2014, 20:17
| #7 |
| Ruhe in Frieden † 2019 | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Ok, dann lass das erstmal weg, btw: Warum hat das Windows kein ServicePack1 und noch den IE 9. Als kostenloses AV kann ich dir AVAST! empfehlen und das auch ziemlich dringend, bei der ganzen Masse an Kram auf deinem PC. Falls du dir es herunterladen möchtest, mache bitte damit eine Schnellüberprüfung und poste etwaige Funde hier. Wie läuft der Rechner denn jetzt? Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Online Weather] => C:\Users\Schule\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Windows Defender] => C:\ProgramData\Windows\System32\Windows Defender\Definition Update\windef.exe [313344 2013-07-01] (Windows Defender)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Browser Infrastructure Helper] => C:\Users\Bekir&Botan\AppData\Local\Smartbar\Application\Smartbar.exe startup
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
CHR Extension: (MySearchDial __MSG_newtab__) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-14]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 Update PlurPush; C:\Program Files (x86)\PlurPush\updatePlurPush.exe [350488 2014-04-15] ()
R2 Util PlurPush; C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe [350488 2014-04-15] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-30] (StdLib)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B1809AF3-F82A-4DB0-9E89-832BB19903CF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
C:\Program Files (x86)\AnyProtectEx
C:\Users\Bekir&Botan\AppData\Roaming\newnext.me
C:\Users\Schule\AppData\Local\WebPlayer
C:\Users\Bekir&Botan\AppData\Local\Smartbar
C:\ProgramData\Windows\
C:\Program Files\McAfee Security Scan
C:\Program Files (x86)\PlurPush
C:\Windows\system32\TesSafe.sys
C:\Windows\System32\drivers\wStLibG64.sys
C:\Users\Botan\AppData\Local\speedial.crx
C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe
2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm
2014-04-03 21:54 - 2014-04-03 21:55 - 07083256 _____ (Welcome to YourFile Downloader!) C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe
C:\Users\Bekir&Botan\AppData\Local\Temp\*.dll
C:\Users\Bekir&Botan\AppData\Local\Temp\*.exe
C:\Users\Botan\AppData\Local\Temp\*.dll
C:\Users\Botan\AppData\Local\Temp\*.exe
C:\Users\Schule\AppData\Local\Temp\*.exe
C:\Users\Xebat\AppData\Local\Temp\*.exe
C:\Users\Schule\AppData\Local\Temp\*.dll
C:\Users\Xebat\AppData\Local\Temp\*.exe
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern  ESET Online Scanner
Schritt 3 Starte noch einmal FRST.
|
|
16.04.2014, 20:42
| #8 |
| | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2014 02
Ran by Botan at 2014-04-16 21:30:36
Running from C:\Users\Botan\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)
½£Áé_ÌÚѶ (HKLM-x32\...\½£Áé_ÌÚѶ) (Version: - Tencent)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1701BD02-09B9-B25B-8290-C7D6A33C5A75}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version: - WEBZEN)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
China Localization Patcher (HKLM-x32\...\{358B9F54-BFA2-4FC4-8134-CA786EC84260}) (Version: 1.5.1.0 - LokiReborn)
Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - )
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com)
Crossfire Europe (HKLM-x32\...\Crossfire Europe) (Version: 1197 - SG INTERACTIVE)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Don't Starve (HKLM-x32\...\DontStarve) (Version: - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve )
Dr. Hardware 2013 13.0d (HKLM-x32\...\Dr. Hardware 2013_is1) (Version: - Peter A. Gebhard)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Easy Tune 6 B11.0427.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0427.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video to MP3 Converter version 5.0.23.320 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
InfiniteCrisis (HKLM-x32\...\InfiniteCrisis) (Version: - Turbine, Inc)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
ÌÚѶÓÎϷƽ̨ (HKLM-x32\...\ÌÚѶÓÎϷƽ̨Formal) (Version: - Tencent)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kingdoms of Amalur™ Reckoning DELUXE EDITION (HKLM-x32\...\Kingdoms of Amalur™ Reckoning DELUXE EDITION_is1) (Version: 1.0.0.2 - QfG)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LevelOne WUA-0605 Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0113 - LevelOne)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mass Effect Deluxe Edition (HKLM-x32\...\{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1) (Version: v1.02 - The Most Electrifying Man)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
mHotspot version 6.4.0.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 6.4.0.0 - mHotspot, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 17.0.5 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.5 (x86 de)) (Version: 17.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version: - )
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero Control Center 10 (x32 Version: 10.2.11900.1.9 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18400.9.0 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140120.76235 - Square Enix Ltd)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PlurPush (HKLM\...\PlurPush) (Version: 2014.03.28.231718 - PlurPush)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RIFT (HKCU\...\RIFT) (Version: - Trion Worlds, Inc.)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.5.201304180917 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Thread Manager 2.4.0.0 (HKLM-x32\...\{78F4E027-355C-45C0-90DC-F89DFC618761}_is1) (Version: 2.4.0.0 - Digital Generation)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version: - Microsoft)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden
网游加速小助手(剑灵) (HKLM-x32\...\网游加速小助手(剑灵)) (Version: 2.0.45.89 - Copyright (C) 2013 Tencent)
==================== Restore Points =========================
12-04-2014 06:45:18 Installed Java 7 Update 51
14-04-2014 10:07:20 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)
14-04-2014 10:08:44 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)
14-04-2014 10:11:19 Revo Uninstaller's restore point - RegClean Pro
14-04-2014 10:15:05 Revo Uninstaller's restore point - Yahoo Community Smartbar
14-04-2014 10:16:08 Revo Uninstaller's restore point - VO Package
14-04-2014 10:17:11 Revo Uninstaller's restore point - Shopping Helper Smartbar Engine
14-04-2014 10:18:08 Revo Uninstaller's restore point - Shopping Helper Smartbar
14-04-2014 10:19:16 Revo Uninstaller's restore point - Search Protect
14-04-2014 10:20:20 Revo Uninstaller's restore point - PDF24 Creator 6.3.1
14-04-2014 10:21:52 Revo Uninstaller's restore point - BlockAndSurf
14-04-2014 10:23:16 Revo Uninstaller's restore point - RoboForm 7-9-0-0 (All Users)
14-04-2014 10:25:22 Revo Uninstaller's restore point - MixiDJ Toolbar
14-04-2014 10:26:16 Revo Uninstaller's restore point - Advanced System Protector
14-04-2014 10:27:23 Revo Uninstaller's restore point - AnyProtect
15-04-2014 10:34:47 Windows Update
15-04-2014 20:49:53 avast! antivirus system restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {002BED3E-0919-4BBA-995C-03DF069AAFAC} - System32\Tasks\Opera D6 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {037DF9E7-FADB-45C4-B37F-AB10B1FD36D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {08C53256-84E4-4A93-9D31-4012A0E1265A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)
Task: {1B3E1F00-7C74-458B-B1E2-AE3ECFD48B54} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-15] (AVAST Software)
Task: {248AD0D2-7E7E-4D32-81AB-FA015E15B550} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-14] (Adobe Systems Incorporated)
Task: {32E2FB49-08D2-4DBE-93C7-4EC65EC0EC27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)
Task: {349B0F97-B431-456B-B666-EB392A49DA97} - System32\Tasks\{EB1A13EA-FB01-4D59-99CA-D755078280C9} => Firefox.exe
Task: {358D2FBC-F05A-4FC4-AE91-FC65E464D2C0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {4D706DDF-EC04-4E4E-BA67-1F48DEAD41DF} - System32\Tasks\{7636DB98-A8B0-4C6C-B62E-77A875639331} => Firefox.exe
Task: {91A8BAED-7921-4F64-8D8F-23A72868DD67} - System32\Tasks\Opera D7 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {9503C1BF-E2EA-4760-BD4F-F7647B362EEA} - System32\Tasks\{BE28D158-551B-4294-9100-DA3EFCA27DD3} => Firefox.exe
Task: {A3BF923E-AA25-43DC-B5EC-2164F85BE938} - System32\Tasks\Opera D3 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {B463C9EE-9821-4903-8D31-3266E2131E4A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMPMNJLMMJMMKMLJJJCNOMKMJJKMCNLMIMNJHMCNGMOMOMJMCNLMLJNJHMPMNMOJIMJJHMKMOMJNJICMIMCNGMCNPMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMNMHMHMJNHICMEKMICNJJCKJNBJCMNLAJLIOJBJJNKJCMJNNICMJNDJCMLJKJ"
Task: {C3C1E073-17C1-4AD7-888A-EFA9E57142B8} - System32\Tasks\Opera D4 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: {C9235D0C-6F53-4B69-AC9C-53FC28D920D7} - System32\Tasks\{3AD24F87-9E1D-4000-88A5-34C6683E7650} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.59.104/de/abandoninstall?page=tsProgressBar
Task: {FA300F06-B62E-4AA8-AC6E-3FA665C44822} - System32\Tasks\Opera D5 => C:\Program Files (x86)\Opera\launcher.exe [2014-03-19] (Opera Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-12-19 17:32 - 2012-12-19 17:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 20:39 - 2012-10-17 20:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 20:39 - 2012-10-17 20:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 17:32 - 2012-12-19 17:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-06-01 16:12 - 2013-06-01 16:12 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-01 16:12 - 2013-06-01 16:12 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-23 19:19 - 2014-04-11 00:20 - 00602680 _____ () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-04-15 22:57 - 2014-04-15 22:57 - 02212352 _____ () C:\Program Files\AVAST Software\Avast\defs\14041501\algo.dll
2014-04-16 19:29 - 2014-04-16 19:29 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041601\algo.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-04-15 22:51 - 2014-04-15 22:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-03-26 00:02 - 2009-12-09 15:20 - 00126976 ____R () C:\Program Files (x86)\LevelOne\WUA-0605\EnumDevLib.dll
2014-03-18 18:05 - 2014-03-18 18:05 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-18 17:01 - 2014-03-28 15:40 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-04-10 13:40 - 2014-04-11 00:20 - 36966968 _____ () C:\Users\Schule\AppData\Roaming\Spotify\Data\libcef.dll
2013-10-23 19:19 - 2014-04-11 00:20 - 00886840 _____ () C:\Users\Schule\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-10-23 19:19 - 2014-04-11 00:20 - 00108600 _____ () C:\Users\Schule\AppData\Roaming\Spotify\Data\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
==================== Faulty Device Manager Devices =============
Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/16/2014 08:29:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (04/16/2014 02:30:50 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (04/16/2014 02:30:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (04/16/2014 02:30:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (04/16/2014 02:30:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (04/15/2014 10:50:04 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary lmizbsze.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (04/15/2014 10:29:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (04/15/2014 10:29:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (04/15/2014 07:31:39 PM) (Source: Application Hang) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 16dc
Startzeit: 01cf58d08a5325b9
Endzeit: 1
Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: cbcf260c-c4c3-11e3-bf73-50e549d5f581
Error: (04/15/2014 03:48:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1300
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
System errors:
=============
Error: (04/16/2014 11:27:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%126
Error: (04/16/2014 03:04:52 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (04/16/2014 03:03:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%126
Error: (04/16/2014 00:34:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%126
Error: (04/16/2014 00:33:28 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 16.04.2014 um 00:32:20 unerwartet heruntergefahren.
Error: (04/15/2014 10:25:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%126
Error: (04/15/2014 10:23:49 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Util PlurPush" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/15/2014 10:23:48 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Update PlurPush" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/15/2014 07:25:14 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (04/15/2014 01:10:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%126
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 4093.55 MB
Available physical RAM: 2269.41 MB
Total Pagefile: 8185.25 MB
Available Pagefile: 5241.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:135.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6312B514)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
16.04.2014, 20:43
| #9 |
| | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02 Ran by Botan (administrator) on XEBAT-PC on 16-04-2014 21:29:45 Running from C:\Users\Botan\Downloads Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-15] (AVAST Software) HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd) Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://cn.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCE002826F4BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15] Chrome: ======= CHR DefaultSearchKeyword: mysearchdial.com CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR Extension: (Google Docs) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: (Google Drive) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Google Search) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15] CHR Extension: (Gmail) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-15] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-15] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] () R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-15] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-15] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X] S3 TesSafe; \??\C:\Windows\system32\TesSafe.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:52 - 2014-04-15 22:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:28 - 2014-04-15 22:29 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 2014-04-15 14:09 - 2014-04-16 21:28 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-15 13:14 - 2014-04-16 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-15 13:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-15 13:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:07 - 2014-04-15 13:09 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:31 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00000000 ____D () C:\FRST 2014-04-14 12:29 - 2014-04-16 21:28 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 09:11 - 2014-04-15 22:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:05 - 2013-11-14 18:26 - 00000507 _____ () C:\Users\Botan\Desktop\readme.txt 2014-04-13 04:05 - 2013-11-14 18:25 - 00272384 _____ (QuickLoL) C:\Users\Botan\Desktop\QuickLoL Timers.exe 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-12 08:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-12 08:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-12 08:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-12 08:46 - 2014-04-12 08:47 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-07 20:20 - 2014-04-07 20:19 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:19 - 2014-04-07 20:18 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-07 19:44 - 2014-04-15 19:46 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 14:46 - 2014-04-04 15:22 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 22:35 - 2014-04-16 15:29 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-30 22:28 - 2014-03-31 20:55 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:11 - 2013-09-29 13:59 - 02407774 ____N () C:\Users\Botan\Desktop\blackmart.apk 2014-03-30 21:54 - 2014-03-30 22:28 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:43 - 2014-04-14 11:48 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 15:27 - 2014-03-14 00:08 - 00630757 _____ (3DS Emulator - Pokemon X Y) C:\Users\Botan\Desktop\Pokemon XY + Emulator.exe 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-23 14:13 - 2014-03-23 14:15 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:01 - 2014-03-20 16:02 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:57 - 2014-03-20 15:58 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 12:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-23 22:43 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-20 01:16 - 2014-03-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-20 15:35 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:41 - 2014-03-19 18:28 - 00000000 ____D () C:\GameDownload 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar ==================== One Month Modified Files and Folders ======= 2014-04-16 21:29 - 2014-04-14 12:30 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-16 21:29 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST 2014-04-16 21:28 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-16 21:28 - 2014-04-14 12:29 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-16 21:28 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Spotify 2014-04-16 21:22 - 2014-04-15 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 21:06 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-16 21:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 20:41 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Local\Spotify 2014-04-16 20:40 - 2009-07-14 06:51 - 00081905 _____ () C:\Windows\setupact.log 2014-04-16 20:37 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype 2014-04-16 20:06 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 17:41 - 2013-03-25 23:44 - 01901884 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 15:29 - 2014-04-03 22:35 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-16 11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 00:33 - 2013-03-26 00:21 - 00202436 _____ () C:\Windows\PFRO.log 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:57 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:53 - 2014-04-15 22:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:29 - 2014-04-15 22:28 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 22:25 - 2014-04-14 09:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-15 22:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-15 19:46 - 2014-04-07 19:44 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-15 17:11 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 2014-04-15 14:11 - 2014-04-14 12:31 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:09 - 2014-04-15 13:07 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:08 - 2013-06-10 22:13 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-15 13:08 - 2013-03-26 00:11 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-15 13:01 - 2013-06-23 18:59 - 00000000 ____D () C:\ProgramData\InstallMate 2014-04-15 10:50 - 2014-02-07 14:35 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:24 - 2014-01-14 15:49 - 00000000 ____D () C:\Users\Botan\Documents\My RoboForm Data 2014-04-14 12:24 - 2013-06-29 13:50 - 00003976 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-04-14 12:14 - 2014-01-07 17:34 - 00000000 ___RD () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:48 - 2014-03-30 15:43 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:19 - 2013-10-23 15:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Spotify 2014-04-14 11:19 - 2013-09-30 18:50 - 00099152 _____ () C:\Users\Bekir&Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:01 - 2013-03-26 00:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 11:01 - 2013-03-26 00:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 11:01 - 2013-03-26 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2014-04-12 08:46 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-12 08:47 - 2013-05-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-11 00:20 - 2013-04-10 13:40 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Spotify 2014-04-10 18:07 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 18:06 - 2009-10-14 07:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 15:58 - 2009-07-14 19:58 - 01169372 _____ () C:\Windows\system32\perfh007.dat 2014-04-10 15:58 - 2009-07-14 19:58 - 00296124 _____ () C:\Windows\system32\perfc007.dat 2014-04-10 15:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-08 14:21 - 2009-07-14 06:45 - 04947952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-07 20:30 - 2014-01-07 17:34 - 00099152 _____ () C:\Users\Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 20:19 - 2014-04-07 20:20 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:18 - 2014-04-07 20:19 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-05 23:50 - 2013-03-27 03:49 - 00000000 ____D () C:\Windows\Minidump 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 20:01 - 2013-06-10 22:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-04 20:01 - 2013-06-10 22:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-04 15:22 - 2014-04-04 14:46 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 18:13 - 2014-01-14 22:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Local\Akamai 2014-04-03 18:12 - 2013-05-01 19:43 - 00000000 ____D () C:\Users\Schule\AppData\Local\PMB Files 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-03 18:09 - 2013-04-08 15:06 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Skype 2014-04-03 18:01 - 2013-06-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-03 18:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-03 17:58 - 2014-02-07 14:33 - 00000000 ____D () C:\Users\Botan\AppData\Local\Adobe 2014-04-03 17:55 - 2014-01-15 19:47 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Adobe 2014-04-03 09:51 - 2014-04-15 13:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-15 13:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-15 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-31 20:55 - 2014-03-30 22:28 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:28 - 2014-03-30 21:54 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 12:17 - 2014-01-18 15:23 - 00000000 ____D () C:\Program Files (x86)\RIFT 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-26 22:36 - 2013-04-11 13:25 - 00000000 ____D () C:\Users\Schule\Desktop\Bilder 2014-03-23 22:43 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-23 14:25 - 2013-11-10 21:39 - 00000000 ____D () C:\download 2014-03-23 14:15 - 2014-03-23 14:13 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-23 05:55 - 2013-10-03 19:32 - 00000062 _____ () C:\Users\Bekir&Botan\Desktop\settings.json 2014-03-21 23:07 - 2014-03-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:02 - 2014-03-20 16:01 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:58 - 2014-03-20 15:57 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 15:35 - 2014-03-19 19:02 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 12:02 - 2014-03-20 01:17 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:57 - 2013-03-26 04:53 - 00155987 _____ () C:\Windows\DirectX.log 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-19 18:28 - 2014-03-18 20:41 - 00000000 ____D () C:\GameDownload 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 20:25 - 2013-05-27 21:48 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Spotify 2014-03-18 20:24 - 2013-05-27 21:49 - 00000000 ____D () C:\Users\Xebat\AppData\Local\Spotify 2014-03-18 20:21 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:41 - 2013-04-08 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-03-18 18:23 - 2014-01-07 17:34 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Apple Computer 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar Some content of TEMP: ==================== C:\Users\Botan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpszn0rt.dll C:\Users\Xebat\AppData\Local\Temp\bitool.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 20:32 ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02 Ran by Botan (administrator) on XEBAT-PC on 16-04-2014 21:29:45 Running from C:\Users\Botan\Downloads Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-15] (AVAST Software) HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd) Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://cn.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCE002826F4BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15] Chrome: ======= CHR DefaultSearchKeyword: mysearchdial.com CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR Extension: (Google Docs) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: (Google Drive) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Google Search) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15] CHR Extension: (Gmail) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-15] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-15] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] () R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-15] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-15] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X] S3 TesSafe; \??\C:\Windows\system32\TesSafe.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:52 - 2014-04-15 22:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:28 - 2014-04-15 22:29 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 2014-04-15 14:09 - 2014-04-16 21:28 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-15 13:14 - 2014-04-16 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-15 13:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-15 13:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:07 - 2014-04-15 13:09 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:31 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00000000 ____D () C:\FRST 2014-04-14 12:29 - 2014-04-16 21:28 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 09:11 - 2014-04-15 22:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:05 - 2013-11-14 18:26 - 00000507 _____ () C:\Users\Botan\Desktop\readme.txt 2014-04-13 04:05 - 2013-11-14 18:25 - 00272384 _____ (QuickLoL) C:\Users\Botan\Desktop\QuickLoL Timers.exe 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-12 08:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-12 08:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-12 08:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-12 08:46 - 2014-04-12 08:47 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-07 20:20 - 2014-04-07 20:19 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:19 - 2014-04-07 20:18 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-07 19:44 - 2014-04-15 19:46 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 14:46 - 2014-04-04 15:22 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 22:35 - 2014-04-16 15:29 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-30 22:28 - 2014-03-31 20:55 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:11 - 2013-09-29 13:59 - 02407774 ____N () C:\Users\Botan\Desktop\blackmart.apk 2014-03-30 21:54 - 2014-03-30 22:28 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:43 - 2014-04-14 11:48 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 15:27 - 2014-03-14 00:08 - 00630757 _____ (3DS Emulator - Pokemon X Y) C:\Users\Botan\Desktop\Pokemon XY + Emulator.exe 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-23 14:13 - 2014-03-23 14:15 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:01 - 2014-03-20 16:02 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:57 - 2014-03-20 15:58 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 12:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-23 22:43 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-20 01:16 - 2014-03-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-20 15:35 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:41 - 2014-03-19 18:28 - 00000000 ____D () C:\GameDownload 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar ==================== One Month Modified Files and Folders ======= 2014-04-16 21:29 - 2014-04-14 12:30 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-16 21:29 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST 2014-04-16 21:28 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-16 21:28 - 2014-04-14 12:29 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-16 21:28 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Spotify 2014-04-16 21:22 - 2014-04-15 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 21:06 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-16 21:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 20:41 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Local\Spotify 2014-04-16 20:40 - 2009-07-14 06:51 - 00081905 _____ () C:\Windows\setupact.log 2014-04-16 20:37 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype 2014-04-16 20:06 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 17:41 - 2013-03-25 23:44 - 01901884 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 15:29 - 2014-04-03 22:35 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-16 11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 00:33 - 2013-03-26 00:21 - 00202436 _____ () C:\Windows\PFRO.log 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:57 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:53 - 2014-04-15 22:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:29 - 2014-04-15 22:28 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 22:25 - 2014-04-14 09:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-15 22:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-15 19:46 - 2014-04-07 19:44 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-15 17:11 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 2014-04-15 14:11 - 2014-04-14 12:31 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:09 - 2014-04-15 13:07 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:08 - 2013-06-10 22:13 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-15 13:08 - 2013-03-26 00:11 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-15 13:01 - 2013-06-23 18:59 - 00000000 ____D () C:\ProgramData\InstallMate 2014-04-15 10:50 - 2014-02-07 14:35 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:24 - 2014-01-14 15:49 - 00000000 ____D () C:\Users\Botan\Documents\My RoboForm Data 2014-04-14 12:24 - 2013-06-29 13:50 - 00003976 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-04-14 12:14 - 2014-01-07 17:34 - 00000000 ___RD () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:48 - 2014-03-30 15:43 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:19 - 2013-10-23 15:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Spotify 2014-04-14 11:19 - 2013-09-30 18:50 - 00099152 _____ () C:\Users\Bekir&Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:01 - 2013-03-26 00:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 11:01 - 2013-03-26 00:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 11:01 - 2013-03-26 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2014-04-12 08:46 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-12 08:47 - 2013-05-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-11 00:20 - 2013-04-10 13:40 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Spotify 2014-04-10 18:07 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 18:06 - 2009-10-14 07:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 15:58 - 2009-07-14 19:58 - 01169372 _____ () C:\Windows\system32\perfh007.dat 2014-04-10 15:58 - 2009-07-14 19:58 - 00296124 _____ () C:\Windows\system32\perfc007.dat 2014-04-10 15:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-08 14:21 - 2009-07-14 06:45 - 04947952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-07 20:30 - 2014-01-07 17:34 - 00099152 _____ () C:\Users\Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 20:19 - 2014-04-07 20:20 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:18 - 2014-04-07 20:19 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-05 23:50 - 2013-03-27 03:49 - 00000000 ____D () C:\Windows\Minidump 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 20:01 - 2013-06-10 22:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-04 20:01 - 2013-06-10 22:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-04 15:22 - 2014-04-04 14:46 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 18:13 - 2014-01-14 22:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Local\Akamai 2014-04-03 18:12 - 2013-05-01 19:43 - 00000000 ____D () C:\Users\Schule\AppData\Local\PMB Files 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-03 18:09 - 2013-04-08 15:06 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Skype 2014-04-03 18:01 - 2013-06-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-03 18:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-03 17:58 - 2014-02-07 14:33 - 00000000 ____D () C:\Users\Botan\AppData\Local\Adobe 2014-04-03 17:55 - 2014-01-15 19:47 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Adobe 2014-04-03 09:51 - 2014-04-15 13:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-15 13:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-15 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-31 20:55 - 2014-03-30 22:28 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:28 - 2014-03-30 21:54 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 12:17 - 2014-01-18 15:23 - 00000000 ____D () C:\Program Files (x86)\RIFT 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-26 22:36 - 2013-04-11 13:25 - 00000000 ____D () C:\Users\Schule\Desktop\Bilder 2014-03-23 22:43 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-23 14:25 - 2013-11-10 21:39 - 00000000 ____D () C:\download 2014-03-23 14:15 - 2014-03-23 14:13 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-23 05:55 - 2013-10-03 19:32 - 00000062 _____ () C:\Users\Bekir&Botan\Desktop\settings.json 2014-03-21 23:07 - 2014-03-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:02 - 2014-03-20 16:01 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:58 - 2014-03-20 15:57 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 15:35 - 2014-03-19 19:02 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 12:02 - 2014-03-20 01:17 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:57 - 2013-03-26 04:53 - 00155987 _____ () C:\Windows\DirectX.log 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-19 18:28 - 2014-03-18 20:41 - 00000000 ____D () C:\GameDownload 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 20:25 - 2013-05-27 21:48 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Spotify 2014-03-18 20:24 - 2013-05-27 21:49 - 00000000 ____D () C:\Users\Xebat\AppData\Local\Spotify 2014-03-18 20:21 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:41 - 2013-04-08 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-03-18 18:23 - 2014-01-07 17:34 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Apple Computer 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar Some content of TEMP: ==================== C:\Users\Botan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpszn0rt.dll C:\Users\Xebat\AppData\Local\Temp\bitool.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 20:32 ==================== End Of Log ============================ Die Prüfungsergebnisse von Avast sind im Anhang zu finden. Btw was muss ich alles zu dem Programm wissen? |
|
16.04.2014, 20:44
| #10 |
| | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Was is IE9 und ServicePack1? und ja der Computer funktioniert schon deutlich besser. Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2014
Ran by Botan at 2014-04-15 22:23:29 Run:1
Running from C:\Users\Botan\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Online Weather] => C:\Users\Schule\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Windows Defender] => C:\ProgramData\Windows\System32\Windows Defender\Definition Update\windef.exe [313344 2013-07-01] (Windows Defender)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Browser Infrastructure Helper] => C:\Users\Bekir&Botan\AppData\Local\Smartbar\Application\Smartbar.exe startup
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
CHR Extension: (MySearchDial __MSG_newtab__) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-14]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Botan\AppData\Local\speedial.crx [2014-04-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 Update PlurPush; C:\Program Files (x86)\PlurPush\updatePlurPush.exe [350488 2014-04-15] ()
R2 Util PlurPush; C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe [350488 2014-04-15] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-30] (StdLib)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B1809AF3-F82A-4DB0-9E89-832BB19903CF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
C:\Program Files (x86)\AnyProtectEx
C:\Users\Bekir&Botan\AppData\Roaming\newnext.me
C:\Users\Schule\AppData\Local\WebPlayer
C:\Users\Bekir&Botan\AppData\Local\Smartbar
C:\ProgramData\Windows\
C:\Program Files\McAfee Security Scan
C:\Program Files (x86)\PlurPush
C:\Windows\system32\TesSafe.sys
C:\Windows\System32\drivers\wStLibG64.sys
C:\Users\Botan\AppData\Local\speedial.crx
C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe
2014-04-03 22:06 - 2014-04-03 22:06 - 00000920 _____ () C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm
2014-04-03 21:59 - 2014-04-03 21:59 - 00000196 _____ () C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm
2014-04-03 21:54 - 2014-04-03 21:55 - 07083256 _____ (Welcome to YourFile Downloader!) C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe
C:\Users\Bekir&Botan\AppData\Local\Temp\*.dll
C:\Users\Bekir&Botan\AppData\Local\Temp\*.exe
C:\Users\Botan\AppData\Local\Temp\*.dll
C:\Users\Botan\AppData\Local\Temp\*.exe
C:\Users\Schule\AppData\Local\Temp\*.exe
C:\Users\Xebat\AppData\Local\Temp\*.exe
C:\Users\Schule\AppData\Local\Temp\*.dll
C:\Users\Xebat\AppData\Local\Temp\*.exe
*****************
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Online Weather => Value not found.
HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender => Value not found.
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper => Value not found.
HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-d5c8-431d-982b-023779779587} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{82249076-d5c8-431d-982b-023779779587} => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => Key deleted successfully.
C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/TXSSO => Key deleted successfully.
C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll not found.
CHR DefaultSearchKeyword: mysearchdial.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Mysearchdial ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa => Key deleted successfully.
C:\Users\Botan\AppData\Local\speedial.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa => Key deleted successfully.
"C:\Users\Botan\AppData\Local\speedial.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa => Key deleted successfully.
"C:\Users\Botan\AppData\Local\speedial.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
Update PlurPush => Unable to stop service
Update PlurPush => Service deleted successfully.
Util PlurPush => Unable to stop service
Util PlurPush => Service deleted successfully.
wStLibG64 => Unable to stop service
wStLibG64 => Service deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{248BFF8D-5ABB-40A3-B31F-8F84CE73A98F} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{743AC67F-4CB9-4F96-A4FF-24064BC6E0A3} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1809AF3-F82A-4DB0-9E89-832BB19903CF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1809AF3-F82A-4DB0-9E89-832BB19903CF} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
"C:\Users\Bekir&Botan\AppData\Roaming\newnext.me" => File/Directory not found.
"C:\Users\Schule\AppData\Local\WebPlayer" => File/Directory not found.
"C:\Users\Bekir&Botan\AppData\Local\Smartbar" => File/Directory not found.
C:\ProgramData\Windows => Moved successfully.
C:\Program Files\McAfee Security Scan => Moved successfully.
"C:\Program Files (x86)\PlurPush" directory move:
C:\Program Files (x86)\PlurPush\0 => Moved successfully.
C:\Program Files (x86)\PlurPush\7za.exe => Moved successfully.
C:\Program Files (x86)\PlurPush\PlurPush.ico => Moved successfully.
C:\Program Files (x86)\PlurPush\PlurPushUninstall.exe => Moved successfully.
C:\Program Files (x86)\PlurPush\updatePlurPush.exe => Moved successfully.
C:\Program Files (x86)\PlurPush\updatePlurPush.InstallState => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\7za.exe => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\BrowserAdapterS.7z => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\FilterApp_C64.exe => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\PlurPush.BrowserAdapter.exe => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\PlurPushBA.dll => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\PlurPushBAApp.dll => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\sqlite3.dll => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.InstallState => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\TEMP\mfs560E.tmp => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\TEMP\mfs565D.tmp => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\TEMP\mfsCCA4.tmp => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\TEMP\mfsCCD3.tmp => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\TEMP\mfsE519.tmp => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\TEMP\mfsE5A6.tmp => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.Bromon.dll => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.BrowserAdapterS.dll => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.CompatibilityChecker.dll => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.FFUpdate.dll => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.IEUpdate.dll => Moved successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.PurBrowseG.dll => Moved successfully.
Could not move "C:\Program Files (x86)\PlurPush" directory. => Scheduled to move on reboot.
C:\Windows\system32\TesSafe.sys => Moved successfully.
C:\Windows\System32\drivers\wStLibG64.sys => Moved successfully.
"C:\Users\Botan\AppData\Local\speedial.crx" => File/Directory not found.
C:\Users\Botan\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully.
C:\Users\Botan\Downloads\SadiQ_-_TrafiQ_2014_.dlc => Moved successfully.
C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e.htm => Moved successfully.
C:\Users\Botan\Downloads\3996ceaf-51bc-43fa-b0fb-7a1459f3413e (1).htm => Moved successfully.
C:\Users\Botan\Downloads\SadiQ---TrafiQ-(2014)_downloader.exe => Moved successfully.
C:\Users\Bekir&Botan\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Bekir&Botan\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Botan\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Botan\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Schule\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Xebat\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Schule\AppData\Local\Temp\*.dll => Moved successfully.
"C:\Users\Xebat\AppData\Local\Temp\*.exe" => File/Directory not found.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-15 22:26:14)<=
C:\Program Files (x86)\PlurPush => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=74c472855899634ead891d0739e14949
# engine=17910
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-16 05:18:01
# local_time=2014-04-16 07:18:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=774 16777213 71 76 73575 73615 0 0
# compatibility_mode=5893 16776573 100 94 28068 149298531 0 0
# scanned=366506
# found=30
# cleaned=0
# scan_time=17190
sh=078FB2A3E5DE54C3737A4541242A4725C02C6B9C ft=1 fh=d760d12103e04038 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\MiaggnyiPPic\51c7351647449.dll.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=E08EF6298DB507FC55E944040ECBE7B5AA5CAA6A ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_0\contentscript.js.vir"
sh=E08EF6298DB507FC55E944040ECBE7B5AA5CAA6A ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_0\contentscript.js.vir"
sh=B8A15E2B817C650BB246EE96D859D190BC1E2FF5 ft=1 fh=056d0132ff61be3e vn="MSIL/CoinMiner.CM trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Windows\System32\Windows Defender\Definition Update\windef.exe"
sh=4FA174F176A0A3ED0C41BC6A5C54D51FACFB534F ft=1 fh=9d25dcec7d070c82 vn="MSIL/CoinMiner.CN trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Windows\WindowsUpdate\rundll32.exe"
sh=05ED639942CC1E49D422789CE0BAAD7ADD22D1AA ft=0 fh=0000000000000000 vn="MSIL/CoinMiner.CN trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Windows\WindowsUpdate\rundll32.lnk"
sh=AF403E1D2C014FEB5B49354DFFE220A4741EAECA ft=1 fh=ebb6a3c55d41b422 vn="Win32/Adware.Lollipop.H application" ac=I fn="C:\FRST\Quarantine\C\Users\Schule\AppData\Local\Temp\instloffer.exe.xBAD"
sh=EA94BD6973CE722A1EBBD78554A369281FE1A2DE ft=1 fh=33e0d3904fd705f4 vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\Xebat\AppData\Local\Temp\LyricsPal.exe.xBAD"
sh=5348BD561F3AC044DBBDAA4898D6B9D31FBFF595 ft=1 fh=1b226d3a8e8a5ffc vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\Xebat\AppData\Local\Temp\lyricstmp.exe.xBAD"
sh=32ADBAC553741526F9F6A537E7A97308D0CD21DF ft=1 fh=08b67f1784dc0558 vn="MSIL/CoinMiner.CN trojan" ac=I fn="C:\ProgramData\AMD\KDB\dwm.exe"
sh=32ADBAC553741526F9F6A537E7A97308D0CD21DF ft=1 fh=08b67f1784dc0558 vn="MSIL/CoinMiner.CN trojan" ac=I fn="C:\Users\All Users\AMD\KDB\dwm.exe"
sh=3F7B7CF08A07483D45A4F5A0A8C64FEE0CFBE6D1 ft=1 fh=b91e9acba36107fd vn="a variant of Win32/AdWare.SpeedingUpMyPC.G application" ac=I fn="C:\Users\Botan\AppData\Local\Temp\is45637729\1974874_stp.EXE"
sh=9D1519C1A54ECB8A55339A5DB040C9CE9C869032 ft=1 fh=21c482d32e956120 vn="a variant of Win32/Injector.AWKK trojan" ac=I fn="C:\Users\Schule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EN1OLNNN\viewtopic[1].php"
sh=49462750C925D892DAB3D690C55CACFBA3ED1894 ft=0 fh=0000000000000000 vn="JS/Kryptik.APU trojan" ac=I fn="C:\Users\Schule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YGXC6DSW\technical[1].htm"
sh=9D1519C1A54ECB8A55339A5DB040C9CE9C869032 ft=1 fh=21c482d32e956120 vn="a variant of Win32/Injector.AWKK trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\Low\bvtray.exe"
sh=E847ABD49144BD4608A580B8D74BA9C7AE0F55BC ft=1 fh=172864099d2e4610 vn="Win32/Agent.UJJ trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmp306f3a4c\23.exe"
sh=BE00A8B0019A19D3B640ABBE3AE9718BB0A9AA45 ft=1 fh=dae9711f88cacd10 vn="a variant of Win32/Kryptik.BAXK trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmp466a6cbe\33.exe"
sh=840FF4A02F82179E23CB1F6DE757CFCE47630003 ft=1 fh=bae0c0a9721e5188 vn="a variant of Win32/Kryptik.BGBE trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmp7922a78e\ut.exe"
sh=840FF4A02F82179E23CB1F6DE757CFCE47630003 ft=1 fh=bae0c0a9721e5188 vn="a variant of Win32/Kryptik.BGBE trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmp7f8588c3\ut.exe"
sh=7630F581221888E622E479C3C4BD446ECAF5A186 ft=1 fh=c101aa4c58d2b03c vn="a variant of Win32/Kryptik.BAOX trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmpb7fbfa3c\13.exe"
sh=AB289788E1B0BB9BB2D60DA086D61B4F631CAA02 ft=1 fh=41148c1388e53a23 vn="a variant of Win32/Kryptik.BAQL trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmpc30cfb44\89.exe"
sh=82BEEA0B3EAF75F1BBF65FBBABF399A97EEE6D55 ft=1 fh=c3a5cb272dbdf656 vn="a variant of Win32/Kryptik.BBAM trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmpd1a23059\34.exe"
sh=0ED353B6D858579DA60611D8B9033230282619E8 ft=1 fh=0e94236bc9e531e0 vn="a variant of Win32/Kryptik.BGBE trojan" ac=I fn="C:\Users\Schule\AppData\Local\Temp\tmpeb897682\14.exe"
sh=445A281D8236F06974CA5455B98A5FDD392A270E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.O trojan" ac=I fn="C:\Users\Schule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\7f5abc86-7bae5ff1"
sh=436A37E289E55E56F61485E5E248D6F7246221A1 ft=1 fh=f9136369f620230b vn="a variant of Generik.MVICHXB trojan" ac=I fn="C:\Users\Schule\Desktop\Botan\Spam-Bot (Vista & 7).dll"
sh=8E95552B10748C10CEB5EB9C79AA07B05F5852BC ft=1 fh=f91363691ff201c1 vn="a variant of Generik.EUNPGRH trojan" ac=I fn="C:\Users\Schule\Desktop\Botan\Spam-Bot (XP).dll"
sh=E508ACD8F97A24F734F8CE8BA685BCBA296E5C7D ft=1 fh=858fb24a9fdda1dc vn="multiple threats" ac=I fn="C:\Users\Schule\Desktop\Botan\Tools by Unpublished.exe"
sh=23B4190248082916EB94D0304A9231BAB4498BE8 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Users\Xebat\AppData\Local\Temp\che2FC9.tmp"
sh=8781D2528360A4FD04D256B9B752F64BB6B31358 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Users\Xebat\AppData\Local\Temp\che596B.tmp"
|
|
17.04.2014, 22:27
| #11 | ||
| Ruhe in Frieden † 2019 | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Hallo bekirikus, Zitat:
Ein Service Pack ist ein Wartungspaket für Windows, damit wird das Betriebssystem auf einen aktuellen Stand gebracht, Sicherheitslücken geschlossen, Fehler beseitigt, es ist sehr wichtig, dass beides aktuell ist. Zitat:
 Schritt 1 Bitte die Funde von Avast löschen lassen. Schritt 2 Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Schritt 3 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Schule\Desktop\Botan\Spam-Bot (XP).dll
C:\Users\Schule\Desktop\Botan\Spam-Bot (Vista & 7).dll
C:\Users\Schule\Desktop\Botan\Tools by Unpublished.exe
C:\ProgramData\AMD\KDB\dwm.exe
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
|
|
17.04.2014, 23:28
| #12 |
| | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Ich meine zu dem Virenprogramm AVAST. Was sollte ich dazu wissen? Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 02
Ran by Botan at 2014-04-18 00:27:37 Run:2
Running from C:\Users\Botan\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Schule\Desktop\Botan\Spam-Bot (XP).dll
C:\Users\Schule\Desktop\Botan\Spam-Bot (Vista & 7).dll
C:\Users\Schule\Desktop\Botan\Tools by Unpublished.exe
C:\ProgramData\AMD\KDB\dwm.exe
*****************
C:\Users\Schule\Desktop\Botan\Spam-Bot (XP).dll => Moved successfully.
C:\Users\Schule\Desktop\Botan\Spam-Bot (Vista & 7).dll => Moved successfully.
C:\Users\Schule\Desktop\Botan\Tools by Unpublished.exe => Moved successfully.
C:\ProgramData\AMD\KDB\dwm.exe => Moved successfully.
==== End of Fixlog ====
|
|
20.04.2014, 00:15
| #13 | |
| Ruhe in Frieden † 2019 | Internetverbindung schlecht, langsamer Computer und einfrieren des PC'sZitat:
Fundevon Avast hattest du auch gelöscht? >OK< So wie ich es sehe, haben wir damit alles Schadhafte entfernt. Deine Logs sind sauber. Abschließend räumen wir noch etwas auf, führen Updates durch und dann bekommst du noch etwas Lesestoff von mir. Schritt 1 Falls du den ESET-Onlinescan nicht mehr benötigst, kannst Du ihn einfach über die Programmdeinstallation deinstallieren. Schritt 2 Downloade dir bitte delfix auf deinen Desktop.
Falls nun noch Tools aus der Bereinigung auf deinem PC sind, kannst du diese besorgtlos selbst löschen. Updates / Programme aktualisieren
Java ist eine große Sicherheitslücke auf deinem System, es werden immer wieder neue Schwachstellen entdeckt, die ausgenutzt werden um Rechner zu infizieren. Sofern du Java nicht zwingend benötigst, solltest du es komplett deinstallieren. Windows XP Gehe auf: Start --> Systemsteuerung --> Software --> Javaversionen auswählen --> entfernen Windows Vista Gehe auf: Start --> Systemsteuerung -- > Programme --> Programme deinstallieren --> Javaversionen suchen --> entfernen Windows 7 Dazu gehe auf: den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Javaversionen auswählen --> entfernen Windows 8 Dazu drücke auf: Windowstaste und X dann: Programme und Funktionen -->Javaversionen auswählen --> entfernen Falls du Java doch unbedingt benötigst, dann
und sorge dafür, dass Java automatisch updated. Dazu:
Hier findest du eine Anleitung dazu. Nun zum Schluss noch ein paar Tipps zur Absicherung deines Systems. Aktualität des Systems Es ist extrem wichtig, dass sowohl dein System als auch die darauf installierte sicherheitsrelevante Software (Flash Player, PDF-Reader und besonders Java, sofern vorhanden) aktuell sind.
Antivirensoftware
Zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der Internet Explorer, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Systemleistung Lösche regelmäßig deine temporären Dateien. Ich empfehle hierzu TFC Halte dich fern von jeglichen Registry Cleanern. Diese schaden deinem System mehr als dass sie es schneller machen. Verhaltensregeln zum sichereren Surfen
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind. Falls Du Lob oder Kritik abgeben möchtest, kannst Du das sehr gerne hier tun. Wenn Du etwas für das Forum und unsere Arbeit spenden möchtest, so kannst Du das hier tun. |
|
21.04.2014, 11:11
| #14 |
| | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Wenn ich SP1 installieren will kommt nach einiger Zeit folgende Fehlermeldung: ERROR_SXS_ASSEMBLY_MISSING (0x80073701) heißt das, dass ich zuerst die 36 anderen updates installieren sollte? |
|
21.04.2014, 20:14
| #15 |
| Ruhe in Frieden † 2019 | Internetverbindung schlecht, langsamer Computer und einfrieren des PC's Nein, das heißt, das dir ein wichtiger Systemordner fehlt. Ist das Ultimate legal?
|
|
| Themen zu Internetverbindung schlecht, langsamer Computer und einfrieren des PC's |
| browser, internetverbindung, java/exploit.cve-2013-2423.o, js/kryptik.apu, langsamer computer, mobogenie, mobogenie entfernen, msil/coinminer.cm, msil/coinminer.cn, nationzoom, nationzoom entfernen, seiten, verbindung, win32/adware.addlyrics.f, win32/adware.lollipop.h, win32/adware.multiplug.i, win32/adware.speedingupmypc.g, win32/adware.yontoo.b, win32/agent.ujj, win32/injector.awkk, win32/kryptik.baox, win32/kryptik.baql, win32/kryptik.baxk, win32/kryptik.bbam, win32/kryptik.bgbe, woche |
