
Pests of all kinds and how to fight them: Xperia Z, VanirAOSP ROM, DHL virus


20.08.2014, 00:21   #1
R50M
 



Hello,

I caught a virus on my Sony Xperia Z, namely the DHL virus:
hxxp://bilder.augsburger-allgemeine.de/img/incoming/origs30255067/1385912744-w281-h960/screenshot.jpg
So, my phone is infected with it because I followed the link. My system immediately reported that "google service framework" was sending a conspicuously large number of SMS and asked whether I wanted to stop that. Of course I forbade the app from sending any more SMS. Then I thought that a system wipe via the recovery might help, but after the system wipe this app is still installed.

Now this app has presumably also infected my PC via Chrome; I am constantly being redirected to Flash download pages with an automatic download of a "download.exe".

My Google search for "google service framework virus" unfortunately only showed that the virus seems to be well known, but that there is no way to remove it.

If I see this correctly, I have to create a new Google account, reinstall Windows, and cannot use my phone until there is something against this virus.

I hope someone can help me.

Also worth mentioning: I only send these SMS to people I don't know, who then contact me via WhatsApp, and not to people in my contact list. I also received this message from an unknown number.

20.08.2014, 06:48   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


20.08.2014, 12:41   #3
R50M
 



Thanks for the reply, I have run FRST on my PC.

Here is the FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Clemens (administrator) on CLECLE on 20-08-2014 13:35:20
Running from C:\Users\Clemens\Downloads
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Arcai.com) F:\Programme\netcut\services\aips.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) F:\Programme\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) F:\Programme\Hamachi\LMIGuardianSvc.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() F:\Programme\Sapphire TRIXX\TRIXX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
() C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
(Telegram (Unofficial)) F:\Programme\Telegram Win (Unofficial)\Telegram.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
(LogMeIn Inc.) F:\Programme\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) F:\Programme\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Users\Clemens\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clemens\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clemens\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clemens\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clemens\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clemens\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clemens\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Copy Handler] => [X]
HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [251392 2010-05-05] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => REM C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [WinampAgent] => F:\Programme\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => F:\Programme\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => F:\Programme\Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKU\S-1-5-21-901330037-1135301586-749206047-1001\...\Run: [Google Update] => C:\Users\Clemens\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-13] (Google Inc.)
HKU\S-1-5-21-901330037-1135301586-749206047-1001\...\Run: [Steam] => F:\Programme\Steam\steam.exe [1937600 2014-08-14] (Valve Corporation)
HKU\S-1-5-21-901330037-1135301586-749206047-1001\...\Run: [USBFlashCopy] => F:\Programme\USB Flash Copy\usbflashcopy.exe [280584 2013-12-21] ()
HKU\S-1-5-21-901330037-1135301586-749206047-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-901330037-1135301586-749206047-1001\...\Run: [GoogleUpdater] => C:\Users\Clemens\AppData\Roaming\googleupdate.exe [1414656 2014-05-18] (Google Inc.)
HKU\S-1-5-21-901330037-1135301586-749206047-1001\...\Run: [DAEMON Tools Lite] => F:\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-901330037-1135301586-749206047-1001\...\MountPoints2: {e5e442fe-eae2-11e2-bec9-806e6f6e6963} - "G:\Setup.exe" 
Startup: C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> F:\Programme\Telegram Win (Unofficial)\Telegram.exe (Telegram (Unofficial))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://url24.info/?id=5225w0021d2309
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x357418CE2762CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {0CF05027-20D0-4694-A23C-0B535DEE176A} URL = hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
SearchScopes: HKLM - {0CF05027-20D0-4694-A23C-0B535DEE176A} URL = hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0CF05027-20D0-4694-A23C-0B535DEE176A} URL = hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
SearchScopes: HKCU - {0CF05027-20D0-4694-A23C-0B535DEE176A} URL = hxxp://url24.info/?id=5225w0021d2309&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> H:\Java\JavaEditor\JDK\bin\ssv.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> H:\Java\JavaEditor\JDK\bin\jp2ssv.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{E4420B68-D76B-4BCA-AC63-7A83E0143058}: [NameServer]8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> H:\Java\JavaEditor\JDK\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Clemens\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Clemens\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Clemens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.duckduckgo.com/", "about:blank"
CHR DefaultSearchKeyword: duckduckgo.com_
CHR DefaultSearchProvider: DuckDuckGo
CHR DefaultSearchURL: https://duckduckgo.com/?q={searchTerms}
CHR DefaultSuggestURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Clemens\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Clemens\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Clemens\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\Clemens\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Clemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-13]
CHR Extension: (Google Drive) - C:\Users\Clemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-13]
CHR Extension: (YouTube) - C:\Users\Clemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-13]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Clemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2014-06-01]
CHR Extension: (Google-Suche) - C:\Users\Clemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-13]
CHR Extension: (Google Wallet) - C:\Users\Clemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (NotScripts) - C:\Users\Clemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2013-04-14]
CHR Extension: (Google Mail) - C:\Users\Clemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AIPS; F:\Programme\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 Hamachi2Svc; F:\Programme\Hamachi\hamachi-2.exe [2544976 2014-07-21] (LogMeIn Inc.)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [27872 2012-12-28] (Microsoft)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-29] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 Andbus; C:\Windows\System32\drivers\lgandbus64.sys [19456 2010-01-25] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\system32\DRIVERS\lganddiag64.sys [27648 2010-01-25] (LG Electronics Inc.)
S3 AndGps; C:\Windows\system32\DRIVERS\lgandgps64.sys [27136 2010-01-25] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\system32\DRIVERS\lgandmodem64.sys [33792 2010-01-25] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 seehcri; C:\Windows\System32\drivers\seehcri.sys [34032 2013-08-29] (Sony Ericsson Mobile Communications) [File not signed]
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R3 TRIXX; \??\C:\Users\Clemens\AppData\Local\Temp\TRIXX.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 13:35 - 2014-08-20 13:35 - 00015826 _____ () C:\Users\Clemens\Downloads\FRST.txt
2014-08-20 13:34 - 2014-08-20 13:35 - 00000000 ____D () C:\FRST
2014-08-20 13:33 - 2014-08-20 13:33 - 02101760 _____ (Farbar) C:\Users\Clemens\Downloads\FRST64.exe
2014-08-20 00:26 - 2014-08-20 00:26 - 00065536 _____ () C:\Users\Clemens\Desktop\20-8-14.backup
2014-08-20 00:17 - 2014-08-20 00:20 - 205132850 _____ () C:\Users\Clemens\Desktop\pa_yuga-4.5-BETA2-20140812.zip
2014-08-20 00:17 - 2014-08-20 00:19 - 100168912 _____ () C:\Users\Clemens\Desktop\pa_gapps-modular-micro-4.4.4-20140818-signed.zip
2014-08-18 00:31 - 2014-08-18 00:31 - 01136575 _____ () C:\Users\Clemens\Downloads\cavestoryen.zip
2014-08-15 22:08 - 2014-08-15 22:08 - 00128214 _____ () C:\Users\Clemens\Downloads\Smart Statusbar.apk
2014-08-15 21:44 - 2014-08-15 21:45 - 06076185 _____ () C:\Users\Clemens\Downloads\BIG_Launcher_v2_5_4_apkgalaxy_com.apk
2014-08-15 11:00 - 2014-08-15 11:00 - 00000000 ____D () C:\Users\Clemens\Documents\ManiaPlanet
2014-08-15 11:00 - 2014-08-15 11:00 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2014-08-15 00:44 - 2014-08-15 00:44 - 06229663 _____ (Józef Starosczyk ) C:\Users\Clemens\Downloads\chsetup-1.32Final.exe
2014-08-15 00:44 - 2014-08-15 00:44 - 00000000 ____D () C:\Users\Clemens\AppData\Local\Copy Handler
2014-08-15 00:44 - 2014-08-15 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Copy Handler
2014-08-14 21:59 - 2014-08-14 21:59 - 00675988 _____ () C:\Users\Clemens\Downloads\Minecraft (1).exe
2014-08-14 21:20 - 2014-08-02 02:15 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 21:20 - 2014-08-02 02:15 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 01:28 - 2014-08-14 01:28 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-14 01:28 - 2014-08-14 01:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-14 01:28 - 2014-08-14 01:28 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-13 16:05 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-13 16:05 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 16:05 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 15:41 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 15:41 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 15:41 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 15:41 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-13 15:41 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 15:41 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 15:41 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 15:41 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 15:41 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 15:41 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 15:41 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 15:41 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 15:41 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 15:41 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 15:41 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-13 15:41 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 15:41 - 2014-07-16 00:55 - 04035072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 15:41 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 15:41 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 15:41 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 15:41 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 15:41 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 15:41 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 15:41 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-13 15:41 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 15:41 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 15:41 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 15:41 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-13 15:41 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-13 15:41 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 15:41 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 15:41 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 15:41 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-13 15:40 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-13 15:40 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-12 14:10 - 2014-08-12 19:24 - 00000000 ____D () C:\Users\Clemens\AppData\Roaming\tropico 4
2014-08-12 13:39 - 2014-08-12 13:39 - 00000000 ____D () C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-11 16:59 - 2014-08-11 16:59 - 195400747 _____ () C:\Users\Clemens\Downloads\DU-KK_janice-4.4.4-20140629.zip
2014-08-11 16:57 - 2014-08-11 16:58 - 59129012 _____ () C:\Users\Clemens\Downloads\Slim_mini_gapps.4.4.4.build.7.x-187.zip
2014-08-11 03:14 - 2014-08-11 03:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-08-11 03:12 - 2014-08-11 03:17 - 195450443 _____ () C:\Users\Clemens\Downloads\OmniROM-4.4.4-20140809-janice-HOMEMADE.zip
2014-08-11 03:07 - 2014-08-11 03:07 - 07830548 _____ () C:\Users\Clemens\Downloads\winamp-1-4-15-es-en-br-fr-de-it-jp-android.apk
2014-08-11 02:53 - 2014-08-11 02:54 - 215136460 _____ () C:\Users\Clemens\Downloads\CarbonKK_janice-4.4.4-20140810.zip
2014-08-11 02:16 - 2014-08-11 02:16 - 00203676 _____ () C:\Users\Clemens\Downloads\Odin3-v1.85.zip
2014-08-10 23:50 - 2014-08-10 23:50 - 00003080 _____ () C:\Windows\System32\Tasks\{E5066331-9E06-491C-887E-CD049105A8A0}
2014-08-10 23:50 - 2014-08-10 23:50 - 00000000 ____D () C:\Users\Clemens\Documents\My ISO Files
2014-08-10 23:50 - 2014-08-10 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2014-08-10 23:48 - 2014-08-10 23:48 - 04235184 _____ (EZB Systems, Inc. ) C:\Users\Clemens\Downloads\uiso960_pe.exe
2014-08-10 23:36 - 2014-08-10 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-08-10 23:35 - 2014-08-10 23:35 - 13429504 _____ (Disc Soft Ltd) C:\Users\Clemens\Downloads\DTLite4491-0356.exe
2014-08-10 22:35 - 2014-08-10 22:35 - 04175210 _____ () C:\Users\Clemens\Downloads\Star.Wars.Battlefront.II.GERMAN.PROPER.iNTERNAL-VOLKSWAGEN.rar
2014-08-10 22:29 - 2014-08-10 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-08-10 21:01 - 2014-08-10 21:01 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-10 18:47 - 2014-08-10 18:47 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-10 18:26 - 2014-08-10 18:26 - 00000000 ____D () C:\Users\Clemens\AppData\Roaming\DesktopPlayer
2014-08-10 00:12 - 2014-08-10 00:12 - 00002080 _____ () C:\Users\Clemens\AppData\Local\recently-used.xbel
2014-08-10 00:09 - 2014-08-10 00:12 - 00000000 ____D () C:\Users\Clemens\AppData\Local\gtk-2.0
2014-08-10 00:09 - 2014-08-10 00:09 - 00000000 ____D () C:\Users\Clemens\.thumbnails
2014-08-08 13:32 - 2014-08-08 13:32 - 01172700 _____ () C:\Users\Clemens\Downloads\com.calsto.omega.statusbar.apk
2014-08-08 12:35 - 2014-08-08 12:35 - 17914643 _____ () C:\Users\Clemens\Downloads\WhatsApp.apk
2014-08-08 12:27 - 2014-08-08 12:27 - 05120810 _____ () C:\Users\Clemens\Downloads\BIG_Launcher_2_3_1 (1).apk
2014-08-08 12:00 - 2014-08-08 12:16 - 164550265 _____ () C:\Users\Clemens\Downloads\Slim-condor-4.4.4.build.6-UNOFFICIAL-20140627-2005.zip
2014-08-08 11:43 - 2014-08-08 11:43 - 01206230 _____ () C:\Users\Clemens\Downloads\UPDATE-SuperSU-v1.94.zip
2014-08-08 11:24 - 2014-08-08 11:25 - 10516480 _____ () C:\Users\Clemens\Downloads\moto_e_twrp2.7.0.0_v1.2.img
2014-08-08 11:09 - 2014-08-08 11:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01009.Wdf
2014-08-06 22:54 - 2014-08-06 22:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-08-02 18:09 - 2014-08-02 18:09 - 05120810 _____ () C:\Users\Clemens\Downloads\BIG_Launcher_2_3_1.apk
2014-08-02 17:51 - 2014-08-02 17:51 - 00050859 _____ () C:\Users\Clemens\Downloads\1.4.3 (1).crx
2014-08-02 17:50 - 2014-08-02 17:50 - 00050859 _____ () C:\Users\Clemens\Downloads\1.4.3.crx
2014-08-02 17:50 - 2014-08-02 17:50 - 00042239 _____ () C:\Users\Clemens\Downloads\apkdl143.zip
2014-08-02 17:47 - 2014-08-02 17:47 - 05527025 _____ () C:\Users\Clemens\Downloads\Wiser.apk
2014-08-02 17:32 - 2014-08-02 21:29 - 00000000 ____D () C:\Users\Clemens\AppData\Local\Genymobile
2014-08-02 17:32 - 2014-08-02 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-08-02 17:32 - 2014-08-02 17:32 - 00000000 ____D () C:\Program Files\Oracle
2014-08-02 17:32 - 2013-04-12 11:41 - 00237840 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-08-02 17:32 - 2013-04-12 11:40 - 00120080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-08-02 17:31 - 2014-08-02 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion
2014-08-02 17:31 - 2014-08-02 17:31 - 00000000 ____D () C:\Program Files\Genymobile
2014-08-02 17:29 - 2014-08-02 17:30 - 122656544 _____ (Genymobile ) C:\Users\Clemens\Downloads\genymotion-2.2.2-vbox.exe
2014-08-01 23:47 - 2014-08-10 02:17 - 00000000 ____D () C:\Users\Clemens\Documents\TmForever
2014-08-01 23:47 - 2014-08-01 23:52 - 00000000 ____D () C:\ProgramData\TmForever
2014-08-01 23:47 - 2014-08-01 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2014-08-01 23:40 - 2014-08-01 23:45 - 530600781 _____ () C:\Users\Clemens\Downloads\tmnationsforever_setup.exe
2014-07-31 22:07 - 2014-07-31 22:07 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-07-31 22:07 - 2014-07-31 22:07 - 00000000 ____D () C:\Users\Clemens\AppData\Local\paint.net
2014-07-31 22:05 - 2014-07-31 22:05 - 06272852 _____ () C:\Users\Clemens\Downloads\paint.net.4.0.3.install.zip
2014-07-31 21:32 - 2014-08-10 00:12 - 00000000 ____D () C:\Users\Clemens\.gimp-2.8
2014-07-31 21:32 - 2014-07-31 21:32 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-31 21:32 - 2014-07-31 21:32 - 00000000 ____D () C:\Users\Clemens\AppData\Local\gegl-0.2
2014-07-31 21:32 - 2014-07-31 21:32 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-31 21:31 - 2014-07-31 21:31 - 90396104 _____ (The GIMP Team ) C:\Users\Clemens\Downloads\gimp-2.8.10-setup.exe
2014-07-31 13:38 - 2014-07-31 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-30 14:11 - 2014-07-30 14:11 - 00000000 ____D () C:\Users\Clemens\AppData\Local\LogMeIn
2014-07-30 14:11 - 2014-07-30 14:11 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-22 20:00 - 2014-07-22 20:00 - 00001263 _____ () C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ConfigurationTool.lnk
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\Windows\system32\vcomp120.dll
2014-07-21 18:08 - 2014-07-21 18:08 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 13:35 - 2014-08-20 13:35 - 00015826 _____ () C:\Users\Clemens\Downloads\FRST.txt
2014-08-20 13:35 - 2014-08-20 13:34 - 00000000 ____D () C:\FRST
2014-08-20 13:34 - 2012-07-26 12:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2014-08-20 13:34 - 2012-07-26 12:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2014-08-20 13:34 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 13:33 - 2014-08-20 13:33 - 02101760 _____ (Farbar) C:\Users\Clemens\Downloads\FRST64.exe
2014-08-20 13:32 - 2013-04-13 19:53 - 00000000 ____D () C:\Users\Clemens\AppData\Roaming\Skype
2014-08-20 13:30 - 2014-07-20 17:42 - 00000000 ____D () C:\Users\Clemens\AppData\Local\LogMeIn Hamachi
2014-08-20 13:30 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 01:12 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-20 01:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-20 01:01 - 2013-04-13 19:59 - 00000000 ____D () C:\Users\Clemens\AppData\Roaming\vlc
2014-08-20 00:40 - 2013-04-13 19:45 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901330037-1135301586-749206047-1001UA.job
2014-08-20 00:36 - 2012-07-26 09:21 - 00063413 _____ () C:\Windows\setupact.log
2014-08-20 00:29 - 2013-09-09 14:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 00:26 - 2014-08-20 00:26 - 00065536 _____ () C:\Users\Clemens\Desktop\20-8-14.backup
2014-08-20 00:20 - 2014-08-20 00:17 - 205132850 _____ () C:\Users\Clemens\Desktop\pa_yuga-4.5-BETA2-20140812.zip
2014-08-20 00:19 - 2014-08-20 00:17 - 100168912 _____ () C:\Users\Clemens\Desktop\pa_gapps-modular-micro-4.4.4-20140818-signed.zip
2014-08-20 00:08 - 2013-04-13 16:15 - 01525739 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 00:31 - 2014-08-18 00:31 - 01136575 _____ () C:\Users\Clemens\Downloads\cavestoryen.zip
2014-08-16 16:40 - 2013-04-13 19:45 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901330037-1135301586-749206047-1001Core.job
2014-08-15 22:08 - 2014-08-15 22:08 - 00128214 _____ () C:\Users\Clemens\Downloads\Smart Statusbar.apk
2014-08-15 21:45 - 2014-08-15 21:44 - 06076185 _____ () C:\Users\Clemens\Downloads\BIG_Launcher_v2_5_4_apkgalaxy_com.apk
2014-08-15 14:33 - 2013-05-19 22:02 - 00000000 ____D () C:\Users\Clemens\AppData\Roaming\.minecraft
2014-08-15 11:07 - 2013-06-23 14:19 - 00000000 ____D () C:\Users\Clemens\Documents\My Games
2014-08-15 11:06 - 2013-04-15 17:49 - 00525862 _____ () C:\Windows\DirectX.log
2014-08-15 11:00 - 2014-08-15 11:00 - 00000000 ____D () C:\Users\Clemens\Documents\ManiaPlanet
2014-08-15 11:00 - 2014-08-15 11:00 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2014-08-15 00:44 - 2014-08-15 00:44 - 06229663 _____ (Józef Starosczyk ) C:\Users\Clemens\Downloads\chsetup-1.32Final.exe
2014-08-15 00:44 - 2014-08-15 00:44 - 00000000 ____D () C:\Users\Clemens\AppData\Local\Copy Handler
2014-08-15 00:44 - 2014-08-15 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Copy Handler
2014-08-14 23:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-14 21:59 - 2014-08-14 21:59 - 00675988 _____ () C:\Users\Clemens\Downloads\Minecraft (1).exe
2014-08-14 21:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-14 21:20 - 2014-07-14 16:01 - 00341160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 01:28 - 2014-08-14 01:28 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-14 01:28 - 2014-08-14 01:28 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-14 01:28 - 2014-08-14 01:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-14 01:28 - 2014-08-14 01:28 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-14 01:28 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-14 01:28 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-13 16:12 - 2013-08-17 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 16:09 - 2013-04-13 18:23 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 00:40 - 2013-04-13 16:28 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-901330037-1135301586-749206047-1001
2014-08-12 19:24 - 2014-08-12 14:10 - 00000000 ____D () C:\Users\Clemens\AppData\Roaming\tropico 4
2014-08-12 13:39 - 2014-08-12 13:39 - 00000000 ____D () C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-11 16:59 - 2014-08-11 16:59 - 195400747 _____ () C:\Users\Clemens\Downloads\DU-KK_janice-4.4.4-20140629.zip
2014-08-11 16:58 - 2014-08-11 16:57 - 59129012 _____ () C:\Users\Clemens\Downloads\Slim_mini_gapps.4.4.4.build.7.x-187.zip
2014-08-11 16:44 - 2013-04-13 16:11 - 00022290 _____ () C:\Windows\PFRO.log
2014-08-11 03:17 - 2014-08-11 03:12 - 195450443 _____ () C:\Users\Clemens\Downloads\OmniROM-4.4.4-20140809-janice-HOMEMADE.zip
2014-08-11 03:14 - 2014-08-11 03:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-08-11 03:07 - 2014-08-11 03:07 - 07830548 _____ () C:\Users\Clemens\Downloads\winamp-1-4-15-es-en-br-fr-de-it-jp-android.apk
2014-08-11 02:54 - 2014-08-11 02:53 - 215136460 _____ () C:\Users\Clemens\Downloads\CarbonKK_janice-4.4.4-20140810.zip
2014-08-11 02:16 - 2014-08-11 02:16 - 00203676 _____ () C:\Users\Clemens\Downloads\Odin3-v1.85.zip
2014-08-10 23:50 - 2014-08-10 23:50 - 00003080 _____ () C:\Windows\System32\Tasks\{E5066331-9E06-491C-887E-CD049105A8A0}
2014-08-10 23:50 - 2014-08-10 23:50 - 00000000 ____D () C:\Users\Clemens\Documents\My ISO Files
2014-08-10 23:50 - 2014-08-10 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2014-08-10 23:48 - 2014-08-10 23:48 - 04235184 _____ (EZB Systems, Inc. ) C:\Users\Clemens\Downloads\uiso960_pe.exe
2014-08-10 23:36 - 2014-08-10 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-08-10 23:35 - 2014-08-10 23:35 - 13429504 _____ (Disc Soft Ltd) C:\Users\Clemens\Downloads\DTLite4491-0356.exe
2014-08-10 22:35 - 2014-08-10 22:35 - 04175210 _____ () C:\Users\Clemens\Downloads\Star.Wars.Battlefront.II.GERMAN.PROPER.iNTERNAL-VOLKSWAGEN.rar
2014-08-10 22:29 - 2014-08-10 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-08-10 22:29 - 2013-04-13 16:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-10 21:01 - 2014-08-10 21:01 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-10 20:29 - 2013-04-13 19:53 - 00000000 ____D () C:\ProgramData\Skype
2014-08-10 18:47 - 2014-08-10 18:47 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-10 18:26 - 2014-08-10 18:26 - 00000000 ____D () C:\Users\Clemens\AppData\Roaming\DesktopPlayer
2014-08-10 02:17 - 2014-08-01 23:47 - 00000000 ____D () C:\Users\Clemens\Documents\TmForever
2014-08-10 00:12 - 2014-08-10 00:12 - 00002080 _____ () C:\Users\Clemens\AppData\Local\recently-used.xbel
2014-08-10 00:12 - 2014-08-10 00:09 - 00000000 ____D () C:\Users\Clemens\AppData\Local\gtk-2.0
2014-08-10 00:12 - 2014-07-31 21:32 - 00000000 ____D () C:\Users\Clemens\.gimp-2.8
2014-08-10 00:09 - 2014-08-10 00:09 - 00000000 ____D () C:\Users\Clemens\.thumbnails
2014-08-10 00:09 - 2013-04-13 16:15 - 00000000 ____D () C:\Users\Clemens
2014-08-08 13:32 - 2014-08-08 13:32 - 01172700 _____ () C:\Users\Clemens\Downloads\com.calsto.omega.statusbar.apk
2014-08-08 12:35 - 2014-08-08 12:35 - 17914643 _____ () C:\Users\Clemens\Downloads\WhatsApp.apk
2014-08-08 12:27 - 2014-08-08 12:27 - 05120810 _____ () C:\Users\Clemens\Downloads\BIG_Launcher_2_3_1 (1).apk
2014-08-08 12:16 - 2014-08-08 12:00 - 164550265 _____ () C:\Users\Clemens\Downloads\Slim-condor-4.4.4.build.6-UNOFFICIAL-20140627-2005.zip
2014-08-08 11:43 - 2014-08-08 11:43 - 01206230 _____ () C:\Users\Clemens\Downloads\UPDATE-SuperSU-v1.94.zip
2014-08-08 11:25 - 2014-08-08 11:24 - 10516480 _____ () C:\Users\Clemens\Downloads\moto_e_twrp2.7.0.0_v1.2.img
2014-08-08 11:09 - 2014-08-08 11:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01009.Wdf
2014-08-06 22:54 - 2014-08-06 22:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-08-02 21:29 - 2014-08-02 17:32 - 00000000 ____D () C:\Users\Clemens\AppData\Local\Genymobile
2014-08-02 18:09 - 2014-08-02 18:09 - 05120810 _____ () C:\Users\Clemens\Downloads\BIG_Launcher_2_3_1.apk
2014-08-02 17:59 - 2013-05-06 16:14 - 00000000 ____D () C:\Users\Clemens\.VirtualBox
2014-08-02 17:51 - 2014-08-02 17:51 - 00050859 _____ () C:\Users\Clemens\Downloads\1.4.3 (1).crx
2014-08-02 17:50 - 2014-08-02 17:50 - 00050859 _____ () C:\Users\Clemens\Downloads\1.4.3.crx
2014-08-02 17:50 - 2014-08-02 17:50 - 00042239 _____ () C:\Users\Clemens\Downloads\apkdl143.zip
2014-08-02 17:47 - 2014-08-02 17:47 - 05527025 _____ () C:\Users\Clemens\Downloads\Wiser.apk
2014-08-02 17:32 - 2014-08-02 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-08-02 17:32 - 2014-08-02 17:32 - 00000000 ____D () C:\Program Files\Oracle
2014-08-02 17:31 - 2014-08-02 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion
2014-08-02 17:31 - 2014-08-02 17:31 - 00000000 ____D () C:\Program Files\Genymobile
2014-08-02 17:30 - 2014-08-02 17:29 - 122656544 _____ (Genymobile ) C:\Users\Clemens\Downloads\genymotion-2.2.2-vbox.exe
2014-08-02 02:15 - 2014-08-14 21:20 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:15 - 2014-08-14 21:20 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 23:52 - 2014-08-01 23:47 - 00000000 ____D () C:\ProgramData\TmForever
2014-08-01 23:47 - 2014-08-01 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2014-08-01 23:45 - 2014-08-01 23:40 - 530600781 _____ () C:\Users\Clemens\Downloads\tmnationsforever_setup.exe
2014-07-31 22:07 - 2014-07-31 22:07 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-07-31 22:07 - 2014-07-31 22:07 - 00000000 ____D () C:\Users\Clemens\AppData\Local\paint.net
2014-07-31 22:05 - 2014-07-31 22:05 - 06272852 _____ () C:\Users\Clemens\Downloads\paint.net.4.0.3.install.zip
2014-07-31 21:32 - 2014-07-31 21:32 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-31 21:32 - 2014-07-31 21:32 - 00000000 ____D () C:\Users\Clemens\AppData\Local\gegl-0.2
2014-07-31 21:32 - 2014-07-31 21:32 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-31 21:31 - 2014-07-31 21:31 - 90396104 _____ (The GIMP Team ) C:\Users\Clemens\Downloads\gimp-2.8.10-setup.exe
2014-07-31 13:38 - 2014-07-31 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-30 14:11 - 2014-07-30 14:11 - 00000000 ____D () C:\Users\Clemens\AppData\Local\LogMeIn
2014-07-30 14:11 - 2014-07-30 14:11 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-24 14:11 - 2014-08-13 15:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 14:10 - 2014-08-13 15:41 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 14:10 - 2014-08-13 15:41 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 14:10 - 2014-08-13 15:41 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-24 14:10 - 2014-08-13 15:41 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 14:09 - 2014-08-13 15:41 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 14:09 - 2014-08-13 15:41 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 12:52 - 2014-08-13 15:41 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 12:52 - 2014-08-13 15:41 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 12:52 - 2014-08-13 15:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 12:51 - 2014-08-13 15:41 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 12:51 - 2014-08-13 15:41 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-24 12:33 - 2014-08-13 15:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 12:29 - 2014-08-13 15:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 10:03 - 2014-08-13 15:41 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-22 20:00 - 2014-07-22 20:00 - 00001263 _____ () C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ConfigurationTool.lnk
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\Windows\system32\vcomp120.dll
2014-07-21 18:08 - 2014-07-21 18:08 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Clemens\AppData\Local\Temp\adb.exe
C:\Users\Clemens\AppData\Local\Temp\AdbWinApi.dll
C:\Users\Clemens\AppData\Local\Temp\AdbWinUsbApi.dll
C:\Users\Clemens\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Clemens\AppData\Local\Temp\AskSLib.dll
C:\Users\Clemens\AppData\Local\Temp\AutoItX3.dll
C:\Users\Clemens\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Clemens\AppData\Local\Temp\comver.dll
C:\Users\Clemens\AppData\Local\Temp\DeviceRooter.exe
C:\Users\Clemens\AppData\Local\Temp\DIFxAPI.dll
C:\Users\Clemens\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Clemens\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Clemens\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Clemens\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.2-R1.0-b2879jnks.dll
C:\Users\Clemens\AppData\Local\Temp\jna2229364927326325089.dll
C:\Users\Clemens\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Clemens\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Clemens\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\Clemens\AppData\Local\Temp\OpenOffice_4.1.0_Win_x86_install_de.exe
C:\Users\Clemens\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Clemens\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\Clemens\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Clemens\AppData\Local\Temp\raptrpatch.exe
C:\Users\Clemens\AppData\Local\Temp\RescueRoot.exe
C:\Users\Clemens\AppData\Local\Temp\restarter123321963285660086.exe
C:\Users\Clemens\AppData\Local\Temp\restarter4180116076050952999.exe
C:\Users\Clemens\AppData\Local\Temp\restarter4743339526842145526.exe
C:\Users\Clemens\AppData\Local\Temp\restarter5273529908562467963.exe
C:\Users\Clemens\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Clemens\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Clemens\AppData\Local\Temp\sfextra.dll
C:\Users\Clemens\AppData\Local\Temp\SIntf16.dll
C:\Users\Clemens\AppData\Local\Temp\SIntf32.dll
C:\Users\Clemens\AppData\Local\Temp\SIntfNT.dll
C:\Users\Clemens\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Clemens\AppData\Local\Temp\sonarinst.exe
C:\Users\Clemens\AppData\Local\Temp\sqlite3.exe
C:\Users\Clemens\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Clemens\AppData\Local\Temp\uninst.exe
C:\Users\Clemens\AppData\Local\Temp\unlockphone1setup.exe
C:\Users\Clemens\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Clemens\AppData\Local\Temp\Updater.exe
C:\Users\Clemens\AppData\Local\Temp\VistaLauncher5904137481597413970.exe
C:\Users\Clemens\AppData\Local\Temp\VistaLauncher7758428770697081884.exe
C:\Users\Clemens\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Clemens\AppData\Local\Temp\YgoUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-16 14:01

==================== End Of Log ============================
         

Here is the Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Clemens at 2014-08-20 13:35:51
Running from C:\Users\Clemens\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8080 and Z80 Assembler Disassembler Suite (HKLM-x32\...\ST6UNST #1) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Accelerated Video Transcoding (Version: 13.20.100.30921 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0921.356.5161 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{05F0EE9C-A87B-01B5-EE44-F344F6CC9023}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Android Studio (HKLM-x32\...\Android Studio) (Version: 1.0 - Google Inc.)
Anna - Extended Edition (HKLM-x32\...\Steam App 217690) (Version:  - )
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astah Community 6.7 (HKLM-x32\...\astah* community_is1) (Version:  - Change Vision, Inc.)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Autostart-Manager (HKLM-x32\...\{5C2C73F6-CE73-4A01-868E-7045B7805334}) (Version: 6.02.0000 - Wirth IT Design )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0921.356.5161 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0921.356.5161 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0921.356.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0921.356.5161 - Advanced Micro Devices, Inc.) Hidden
Copy Handler 1.32Final (HKLM\...\{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1) (Version: 1.32Final - Józef Starosczyk)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.64.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Crysis Warhead (HKLM-x32\...\Steam App 17330) (Version:  - Crytek)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Fibrillation demo version 1.0 (HKLM-x32\...\{053901AB-EF41-4069-9318-1E18FE97D567}_is1) (Version: 1.0 - Mechanical Starling)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.11.0 - Androxyde)
Formelrechner (HKLM-x32\...\{69F0CEA4-43E2-4CBB-92DF-41860A40A631}) (Version: 1.00.0000 - Cornelsen Verlag)
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.8.725 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.41.623 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.41.623 - DVDVideoSoft Ltd.)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
Geeks3D FurMark 1.11.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Genymotion version 2.2.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.2.2 - Genymobile)
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.36.0 - International GeoGebra Institute)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GitHub (HKCU\...\5f7eb300e2ea4ebf) (Version: 2.2.0.0 - GitHub, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Guitar Hero III (HKLM-x32\...\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}) (Version: 1.00.0000 - Aspyr)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Homefront (HKLM-x32\...\Steam App 55100) (Version:  - Kaos Studios)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Java-Editor 12.1a, 2013.09.12 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version:  - Gerhard Röhner)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LG Android Driver (HKLM-x32\...\{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}) (Version: 1.0 - LG Electronics)
LibreOffice 4.1.6.2 (HKLM-x32\...\{146232A9-AB53-48A7-A102-56624D92C80D}) (Version: 4.1.6.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.2.1212 - Microsoft Garage)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-449c341b-059b-4be5-993f-bddcd1cb7300) (Version:  - Epic Games, Inc.)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
NetCut 2.1.4 (HKLM-x32\...\NetCut_is1) (Version:  - arcai.com)
Nexuiz (HKLM-x32\...\Steam App 96800) (Version:  - IllFonic)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - Robot Entertainment)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - Overkill)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Portal 2 - The Final Hours (HKLM-x32\...\Steam App 104600) (Version:  - Geoff Keighley)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PROTOTYPE 2 (HKLM-x32\...\Steam App 115320) (Version:  - Radical Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)
Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.00 - Razer USA Ltd.)
Red Faction (HKLM-x32\...\Steam App 20530) (Version:  - Volition, Inc.)
Red Faction II (HKLM-x32\...\Steam App 20550) (Version:  - Volition, Inc.)
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)
RescueRoot (HKLM-x32\...\RescueRoot) (Version: 1.0 - RescueRoot)
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version:  - )
Secure Download Manager (HKLM-x32\...\{945F2AF5-290C-49AB-9459-3F7EFF0385C5}) (Version: 3.1.30 - Kivuto Solutions Inc.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Sonic and SEGA All Stars Racing (HKLM-x32\...\Steam App 34190) (Version:  - Sumo Digital)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version:  - Devil's Details)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 2 (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.1000 - Firefly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Telegram Win (Unofficial) version 0.5.16 (HKCU\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.5.16 - Telegram (Unofficial))
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Plan (HKLM-x32\...\Steam App 250600) (Version:  - Krillbite Studio)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - Black Pants Game Studio)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.4.15 - Electronic Arts)
Titanfall™-Beta (HKLM-x32\...\{E933BD1A-9B05-42A3-A1CF-3DA81C72E454}) (Version: 1.0.0.0 - Electronic Arts)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Toy Story 2 (HKLM-x32\...\Toy Story 2) (Version:  - )
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
UnLock Root 2.31 (HKLM-x32\...\UnLock Root) (Version: 2.31 - Unlcokroot)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
XMedia Recode Version 3.1.5.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.5.4 - XMedia Recode)
YGOPro DevPro Version 1.9.2r2 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.2r2 - YGOPro DevPro Online)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-901330037-1135301586-749206047-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Clemens\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-901330037-1135301586-749206047-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Clemens\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-901330037-1135301586-749206047-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Clemens\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-901330037-1135301586-749206047-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Clemens\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

31-07-2014 20:07:02 paint.net v4.0.3
01-08-2014 21:47:02 DirectX wurde installiert
06-08-2014 12:38:53 Windows Update
10-08-2014 20:29:23 Installiert Star Wars Battlefront II
12-08-2014 10:03:08 DirectX wurde installiert
15-08-2014 09:06:25 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B5B151B-DAD9-4BCB-9DB3-7987CDA237F9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {0E5F4CBF-7203-4548-9E49-4D8829839F5F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-13] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2863A291-7E7D-4083-A5CC-EB449ECFF2D7} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {47C2F7A4-D007-4DA2-AF69-00029A4A1775} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {5ED0EEF1-09D7-4849-827C-A7E2F2045DE7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901330037-1135301586-749206047-1001Core => C:\Users\Clemens\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.)
Task: {7E09913A-8B3B-47FF-9783-C407FEB2D1DC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {823852D7-73A0-4D7A-A114-B85AE5BC5C66} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {8479D348-F000-4AA3-9482-902EE5BDEDCE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901330037-1135301586-749206047-1001UA => C:\Users\Clemens\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A99E964C-A714-4F5D-AFDB-43291FE2AD3A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CDCA01D2-0574-4703-B10E-CD34CD9689A2} - System32\Tasks\Sapphire TRIXX => F:\Programme\Sapphire TRIXX\TRIXX.exe [2013-02-07] ()
Task: {D730E0BE-48A4-4BA3-BBA3-A74B68AB8957} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901330037-1135301586-749206047-1001Core.job => C:\Users\Clemens\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901330037-1135301586-749206047-1001UA.job => C:\Users\Clemens\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-15 20:35 - 2013-09-29 20:03 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-02-07 11:38 - 2013-02-07 11:38 - 05534016 _____ () F:\Programme\Sapphire TRIXX\TRIXX.exe
2013-04-13 16:34 - 2010-05-05 16:56 - 00251392 _____ () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
2013-04-13 16:34 - 2010-04-27 14:41 - 00218112 _____ () C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
2012-12-28 10:44 - 2012-12-28 10:44 - 00039648 _____ () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-15 22:42 - 2014-08-07 05:20 - 00718152 _____ () C:\Users\Clemens\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-15 22:42 - 2014-08-07 05:20 - 00126280 _____ () C:\Users\Clemens\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-15 22:42 - 2014-08-07 05:20 - 08537928 _____ () C:\Users\Clemens\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 22:42 - 2014-08-07 05:20 - 00353096 _____ () C:\Users\Clemens\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 22:42 - 2014-08-07 05:20 - 01732936 _____ () C:\Users\Clemens\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKCU\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKCU\...\StartupApproved\Run: => "Google Update"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "USBFlashCopy"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2014 01:54:17 PM) (Source: MsiInstaller) (EventID: 1024) (User: CLECLE)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/15/2014 09:46:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: CLECLE)
Description: Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (08/15/2014 00:41:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm 7zFM.exe, Version 9.20.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1174

Startzeit: 01cfb810ca2b221d

Endzeit: 4294967295

Anwendungspfad: F:\Programme\7zip\7zFM.exe

Berichts-ID: 17c4bb63-2404-11e4-8019-4061868be396

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/14/2014 01:28:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MouseWithoutBordersHelper.exe, Version: 2.1.2.1212, Zeitstempel: 0x50dde89b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d34d8
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000047b8c
ID des fehlerhaften Prozesses: 0xf64
Startzeit der fehlerhaften Anwendung: 0xMouseWithoutBordersHelper.exe0
Pfad der fehlerhaften Anwendung: MouseWithoutBordersHelper.exe1
Pfad des fehlerhaften Moduls: MouseWithoutBordersHelper.exe2
Berichtskennung: MouseWithoutBordersHelper.exe3
Vollständiger Name des fehlerhaften Pakets: MouseWithoutBordersHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MouseWithoutBordersHelper.exe5

Error: (08/14/2014 01:28:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MouseWithoutBordersHelper.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Win32Exception
Stapel:
   bei System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
   bei System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
   bei MouseWithoutBorders.Program.Main()

Error: (08/14/2014 01:28:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MouseWithoutBordersHelper.exe, Version: 2.1.2.1212, Zeitstempel: 0x50dde89b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d34d8
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000047b8c
ID des fehlerhaften Prozesses: 0xc40
Startzeit der fehlerhaften Anwendung: 0xMouseWithoutBordersHelper.exe0
Pfad der fehlerhaften Anwendung: MouseWithoutBordersHelper.exe1
Pfad des fehlerhaften Moduls: MouseWithoutBordersHelper.exe2
Berichtskennung: MouseWithoutBordersHelper.exe3
Vollständiger Name des fehlerhaften Pakets: MouseWithoutBordersHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MouseWithoutBordersHelper.exe5

Error: (08/14/2014 01:28:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MouseWithoutBordersHelper.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Win32Exception
Stapel:
   bei System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
   bei System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
   bei MouseWithoutBorders.Program.Main()

Error: (08/13/2014 10:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 36.0.1985.125, Zeitstempel: 0x53c4dbee
Name des fehlerhaften Moduls: webplayer_win.dll, Version: 4.3.7.33236, Zeitstempel: 0x536a098f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00151c62
ID des fehlerhaften Prozesses: 0x568
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (08/12/2014 00:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Anna.exe, Version: 4.2.1.11687, Zeitstempel: 0x521c6950
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16912, Zeitstempel: 0x53645e25
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000435b2
ID des fehlerhaften Prozesses: 0xb54
Startzeit der fehlerhaften Anwendung: 0xAnna.exe0
Pfad der fehlerhaften Anwendung: Anna.exe1
Pfad des fehlerhaften Moduls: Anna.exe2
Berichtskennung: Anna.exe3
Vollständiger Name des fehlerhaften Pakets: Anna.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Anna.exe5

Error: (08/10/2014 11:50:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Au_.exe, Version: 4.49.1.356, Zeitstempel: 0x4bc06cda
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0xba8
Startzeit der fehlerhaften Anwendung: 0xAu_.exe0
Pfad der fehlerhaften Anwendung: Au_.exe1
Pfad des fehlerhaften Moduls: Au_.exe2
Berichtskennung: Au_.exe3
Vollständiger Name des fehlerhaften Pakets: Au_.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Au_.exe5


System errors:
=============
Error: (08/20/2014 01:30:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "BlueStacks Android Service" ist vom Dienst "BlueStacks Hypervisor" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%3

Error: (08/20/2014 01:30:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BlueStacks Log Rotator Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/20/2014 01:30:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BlueStacks Hypervisor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (08/20/2014 01:30:16 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (08/20/2014 01:30:11 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (08/19/2014 11:47:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "BlueStacks Android Service" ist vom Dienst "BlueStacks Hypervisor" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%3

Error: (08/19/2014 11:47:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BlueStacks Log Rotator Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/19/2014 11:47:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BlueStacks Hypervisor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (08/19/2014 11:47:12 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (08/19/2014 11:47:07 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office Sessions:
=========================
Error: (08/16/2014 01:54:17 PM) (Source: MsiInstaller) (EventID: 1024) (User: CLECLE)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/15/2014 09:46:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: CLECLE)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos

Error: (08/15/2014 00:41:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: 7zFM.exe9.20.0.0117401cfb810ca2b221d4294967295F:\Programme\7zip\7zFM.exe17c4bb63-2404-11e4-8019-4061868be396

Error: (08/14/2014 01:28:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MouseWithoutBordersHelper.exe2.1.2.121250dde89bKERNELBASE.dll6.2.9200.16864531d34d8e04343520000000000047b8cf6401cfb74e4d8877c8C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exeC:\Windows\system32\KERNELBASE.dll8b39c581-2341-11e4-8018-4061868be396

Error: (08/14/2014 01:28:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MouseWithoutBordersHelper.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Win32Exception
Stapel:
   bei System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
   bei System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
   bei MouseWithoutBorders.Program.Main()

Error: (08/14/2014 01:28:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MouseWithoutBordersHelper.exe2.1.2.121250dde89bKERNELBASE.dll6.2.9200.16864531d34d8e04343520000000000047b8cc4001cfb74e4cedba2aC:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exeC:\Windows\system32\KERNELBASE.dll8adced5e-2341-11e4-8018-4061868be396

Error: (08/14/2014 01:28:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MouseWithoutBordersHelper.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Win32Exception
Stapel:
   bei System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
   bei System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
   bei MouseWithoutBorders.Program.Main()

Error: (08/13/2014 10:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeewebplayer_win.dll4.3.7.33236536a098fc000000500151c6256801cfb7349933afefC:\Users\Clemens\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Clemens\AppData\LocalLow\Unity\WebPlayer\player\Stable3.x.x\webplayer_win.dlla7359c5f-2329-11e4-8018-4061868be396

Error: (08/12/2014 00:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Anna.exe4.2.1.11687521c6950ntdll.dll6.2.9200.1691253645e25c0000005000435b2b5401cfb61554598b8fF:\Programme\Steam\steamapps\common\Anna\AnnaExtended\Anna.exeC:\Windows\SYSTEM32\ntdll.dllb17b2d50-2208-11e4-8017-4061868be396

Error: (08/10/2014 11:50:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Au_.exe4.49.1.3564bc06cdaKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f22ba801cfb4e5260d4c41C:\Users\Clemens\AppData\Local\Temp\~nsu.tmp\Au_.exeC:\Windows\SYSTEM32\KERNELBASE.dll6632c52e-20d8-11e4-8015-4061868be396


CodeIntegrity Errors:
===================================
  Date: 2013-08-31 15:04:27.015
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 15:04:26.797
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 14:27:03.078
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 14:27:02.813
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 14:24:49.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 14:24:49.423
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 14:16:59.111
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 14:16:58.893
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 14:13:55.627
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 14:13:55.393
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\seehcri.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 26%
Total physical RAM: 8151.07 MB
Available physical RAM: 6024.82 MB
Total Pagefile: 16343.07 MB
Available Pagefile: 14022.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.08 GB) (Free:37.35 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Daten) (Fixed) (Total:14.4 GB) (Free:1.2 GB) NTFS
Drive f: (Games) (Fixed) (Total:916.77 GB) (Free:282.73 GB) NTFS
Drive g: (ToyStory2) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D69E599D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=350 MB) - (Type=42)
Partition 3: (Not Active) - (Size=931.2 GB) - (Type=42)

==================== End Of Log ============================
         
Far more important to me than my PC, however, are my phone and my Google account. I can simply reinstall the PC, but on my phone unfortunately no wipe helps. This virus seems to be similar to mine:
hxxp://www.fireeye.com/blog/technical/malware-research/2014/07/the-service-you-cant-refuse-a-secluded-hijackrat.html
__________________

Last edited by R50M (20.08.2014 at 12:50)

Alt 21.08.2014, 08:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 




The phone cannot be cleaned.
Quote:
on my phone unfortunately no wipe helps
Who claims that?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 21.08.2014, 13:05   #5
R50M
 



I tested it, that's how I know.

So, here is how I got rid of the virus:
1. Performed every possible wipe in the old recovery
2. Flashed a new recovery together with the kernel
3. Installed a new ROM via ADB sideload
4. Created a new Google account (the virus can somehow reinstall itself via the Play Store, and it spreads to PCs via Chrome + Google account)
5. Reinstalled the PC
6. Logged everything into a new Google account

How you can tell that you have the virus:
- In Chrome on the PC, every 3-10 page views you are prompted to download Flash, or you are redirected to Korean banking sites
- Your phone sends SMS with links to the app download.

So far the virus is relatively harmless; it does spread quickly, but it only attacks Korean banking apps. Or it redirects to Korean banking sites when you are on the PC.

Here is a link to the programming of this virus (it is an old version, though): hxxp://www.fireeye.com/blog/technica...hijackrat.html


Alt 22.08.2014, 13:16   #6
schrauber
/// the machine
/// TB-Ausbilder
 




ok
