Suspicious folder found 3F5C371F8EA24F259D3DD0B4526E3AEA.TMP (Windows 7)
28.09.2014, 20:01 | #1

Good day, for a few days now my bandwidth has apparently been as slow as a snail. But only on my laptop. My phone and the PC next to it get full speed. While searching I found the following folder: C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP with this file in it: WiseCustomCalla.dll. This looks a bit odd to me and I would like to know what it is about. Thanks for your help, Marvin Metz
28.09.2014, 20:14 | #2
/// the machine /// TB-Ausbilder

hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
28.09.2014, 20:40 | #3

Here is the FRST.txt; an Addition.txt was not created. Should I tick the box for that?
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 01
Ran by Marvin (administrator) on MARVIN-LAPTOP on 28-09-2014 21:39:04
Running from C:\Users\Marvin\Desktop
Loaded Profiles: Marvin & (Available profiles: Marvin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
() C:\Users\Marvin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3680688155-2668200437-4286530012-1000\...\MountPoints2: {a53d0adf-bbf1-11e3-aa41-d4bed9269220} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3680688155-2668200437-4286530012-1000\...\MountPoints2: {b17cbd96-9e24-11e3-8a42-d4bed9269220} - E:\SWINGRUN.EXE
HKU\S-1-5-21-3680688155-2668200437-4286530012-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a53d0adf-bbf1-11e3-aa41-d4bed9269220} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3680688155-2668200437-4286530012-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b17cbd96-9e24-11e3-8a42-d4bed9269220} - E:\SWINGRUN.EXE
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x244FBE3871C4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 15 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 15 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "backup.ftp", "wwwproxy.bahn-net.db.de"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "wwwproxy.bahn-net.db.de"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "wwwproxy.bahn-net.db.de"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "wwwproxy.bahn-net.db.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "wwwproxy.bahn-net.db.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "wwwproxy.bahn-net.db.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "wwwproxy.bahn-net.db.de"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\abs@avira.com [2014-09-04]
FF Extension: Firebug - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-04]
FF Extension: FlashGot - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-22]
FF Extension: NoScript - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-21]
FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-07-20] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-02] (Dell Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-01] (Disc Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-10-16] (AnchorFree Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-07-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-02-08] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2011-07-15] (Creative Technology Ltd.)
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 21:39 - 2014-09-28 21:39 - 00016483 _____ () C:\Users\Marvin\Desktop\FRST.txt
2014-09-28 21:36 - 2014-09-28 21:37 - 00028730 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-09-28 21:35 - 2014-09-28 21:36 - 02108928 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2014-09-28 21:02 - 2014-09-28 21:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-28 20:44 - 2014-09-28 20:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-28 20:44 - 2014-09-28 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-28 15:16 - 2014-09-28 15:16 - 00000983 _____ () C:\Users\Public\Desktop\WTFast.lnk
2014-09-28 15:16 - 2014-09-28 15:16 - 00000000 ____D () C:\Users\Marvin\AppData\Local\AAA_Internet_Publishing,_
2014-09-28 15:16 - 2014-09-28 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
2014-09-28 15:16 - 2014-09-28 15:16 - 00000000 ____D () C:\Program Files (x86)\WTFast
2014-09-28 15:16 - 2014-01-03 16:36 - 00079464 _____ (Initex) C:\Windows\system32\WTFastDrv.dll
2014-09-28 15:16 - 2014-01-03 16:36 - 00072296 _____ (Initex) C:\Windows\SysWOW64\WTFastDrv.dll
2014-09-28 15:16 - 2014-01-03 16:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2014-09-28 15:06 - 2014-09-28 15:07 - 05696256 _____ (Initex & AAA Internet Publishing ) C:\Users\Marvin\Downloads\WTFastSetup.3.2.13.309.exe
2014-09-28 01:33 - 2014-09-28 01:33 - 00000000 ____D () C:\Users\Marvin\Desktop\data
2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 23:02 - 2014-09-23 23:03 - 00000000 ____D () C:\Users\Marvin\Desktop\MusikCDS
2014-09-21 23:21 - 2014-09-07 17:43 - 09279247 _____ () C:\Users\Marvin\Desktop\Juli-JS.jar
2014-09-21 23:19 - 2014-09-21 23:19 - 00000000 ____D () C:\Users\Marvin\Downloads\data
2014-09-21 23:18 - 2014-09-21 23:19 - 17641177 _____ () C:\Users\Marvin\Downloads\1.1.4.zip
2014-09-17 23:24 - 2014-09-17 23:24 - 01789642 _____ () C:\Users\Marvin\Downloads\Voyage_dans_les_iles_L.zip
2014-09-16 19:51 - 2014-09-15 03:00 - 00002084 _____ () C:\Users\Marvin\Desktop\2014-09-15-1.log.gz
2014-09-15 16:01 - 2014-09-15 16:02 - 02377725 _____ () C:\Users\Marvin\Downloads\StatisticsBundle.zip
2014-09-14 22:26 - 2014-09-14 22:27 - 01315785 _____ () C:\Users\Marvin\Downloads\ProtocolLib-3.4.0.jar
2014-09-14 22:25 - 2014-09-14 22:25 - 00053657 _____ () C:\Users\Marvin\Downloads\FakePlayersOnline.jar
2014-09-14 18:38 - 2014-09-14 18:38 - 00001216 _____ () C:\Users\Public\Desktop\Magic Ball 2.lnk
2014-09-14 18:38 - 2014-09-14 18:38 - 00001135 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-09-14 18:38 - 2014-09-14 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-09-14 18:38 - 2014-09-14 18:38 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-09-14 18:35 - 2014-09-14 18:36 - 11371039 _____ (INTENIUM GmbH) C:\Users\Marvin\Desktop\MagicBall2.exe
2014-09-14 18:33 - 2014-09-14 18:33 - 00367456 _____ () C:\Users\Marvin\Downloads\SoftonicDownloader_fuer_magic-ball-2.exe
2014-09-14 18:17 - 2014-09-14 18:17 - 00000019 _____ () C:\Windows\popcinfo.dat
2014-09-14 18:13 - 2014-09-14 18:14 - 00000000 ____D () C:\Program Files (x86)\Insaniquarium! Deluxe
2014-09-14 18:13 - 2014-09-14 18:13 - 00002026 _____ () C:\Users\Public\Desktop\Spiel Insaniquarium! Deluxe.lnk
2014-09-14 18:13 - 2014-09-14 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Insaniquarium! Deluxe
2014-09-14 18:12 - 2014-09-14 18:12 - 00000963 _____ () C:\Users\Public\Desktop\Spiele.lnk
2014-09-14 18:11 - 2014-09-14 18:33 - 00000000 ____D () C:\ProgramData\Big Fish
2014-09-14 18:07 - 2014-09-14 18:33 - 00000000 ____D () C:\BigFishCache
2014-09-14 18:07 - 2014-09-14 18:11 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Big Fish
2014-09-14 18:04 - 2014-09-14 18:04 - 00000000 ____D () C:\Program Files (x86)\OXXOGames
2014-09-14 17:59 - 2014-09-14 18:18 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Alawar
2014-09-14 17:54 - 2014-09-14 17:55 - 03035432 _____ () C:\Users\Marvin\Downloads\strikeball3_setup.exe
2014-09-14 17:52 - 2014-09-14 17:54 - 35958680 _____ (INTENIUM GmbH) C:\Users\Marvin\Downloads\StrikeBall3.exe
2014-09-14 17:28 - 2014-09-14 17:28 - 00002920 _____ () C:\Windows\System32\Tasks\{EAD786A0-6103-4166-8D2E-706576C92272}
2014-09-14 17:27 - 2014-09-14 17:27 - 00002920 _____ () C:\Windows\System32\Tasks\{A9A2CBD7-66FF-4D28-862E-6DABAC6EF6B3}
2014-09-14 15:01 - 2014-09-14 15:01 - 00115956 _____ () C:\Users\Marvin\Downloads\World Longgest AFK Pool.rar
2014-09-10 21:59 - 2014-09-10 21:59 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 16:43 - 2014-09-10 16:43 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 00:22 - 2014-09-08 00:22 - 00001460 _____ () C:\Users\Marvin\Desktop\exx.ppk
2014-09-08 00:15 - 2014-09-08 00:15 - 00001460 _____ () C:\Users\Marvin\Desktop\keysshp.ppk
2014-09-08 00:15 - 2014-09-08 00:15 - 00000468 _____ () C:\Users\Marvin\Desktop\keyssh
2014-09-08 00:13 - 2014-09-08 00:13 - 00184320 _____ (Simon Tatham) C:\Users\Marvin\Downloads\puttygen.exe
2014-09-08 00:11 - 2014-09-08 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2014-09-08 00:10 - 2014-09-08 00:11 - 00000000 ____D () C:\Program Files (x86)\Git
2014-09-08 00:08 - 2014-09-08 00:10 - 17806885 _____ (The Git Development Community ) C:\Users\Marvin\Downloads\Git-1.9.4-preview20140815.exe
2014-09-04 23:50 - 2014-09-04 23:49 - 00001511 _____ () C:\Users\Marvin\Desktop\bukkit.yml
2014-09-02 21:24 - 2014-09-02 21:24 - 00008658 _____ () C:\Users\Marvin\Downloads\VoteCmd(1).jar
2014-09-02 20:58 - 2014-09-02 20:58 - 00008630 _____ () C:\Users\Marvin\Downloads\VoteCmd.jar
2014-08-29 20:05 - 2014-08-29 20:06 - 02782320 _____ (Beepa Pty Ltd) C:\Users\Marvin\Downloads\Fraps 3.5.99 Build 15618.exe
2014-08-29 20:04 - 2014-08-29 20:04 - 00067137 _____ () C:\Users\Marvin\Downloads\DragonServerAnalyse.jar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 21:39 - 2014-03-18 13:47 - 00000000 ____D () C:\FRST
2014-09-28 21:02 - 2014-07-09 01:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 20:58 - 2013-10-09 10:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 20:51 - 2009-07-14 06:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 20:51 - 2009-07-14 06:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 20:49 - 2013-10-08 23:00 - 01834211 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 20:46 - 2013-10-09 15:08 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Skype
2014-09-28 20:46 - 2013-10-09 01:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-28 20:44 - 2013-10-09 15:08 - 00000000 ____D () C:\ProgramData\Skype
2014-09-28 20:41 - 2013-10-09 00:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-28 20:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 20:41 - 2009-07-14 06:51 - 00130301 _____ () C:\Windows\setupact.log
2014-09-28 20:40 - 2013-10-09 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-28 20:40 - 2010-11-21 05:47 - 00746164 _____ () C:\Windows\PFRO.log
2014-09-28 17:47 - 2014-04-10 22:17 - 00000000 ____D () C:\Users\Marvin\Desktop\eclipse_luna
2014-09-28 17:03 - 2013-10-09 00:09 - 00007614 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
2014-09-28 15:21 - 2013-10-09 01:44 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\.minecraft
2014-09-27 14:56 - 2013-10-09 00:39 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client
2014-09-27 14:32 - 2014-04-20 19:25 - 00000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd
2014-09-25 15:32 - 2014-07-28 00:56 - 00033280 ___SH () C:\Users\Marvin\Desktop\Thumbs.db
2014-09-23 22:50 - 2013-10-09 12:15 - 00000600 _____ () C:\Users\Marvin\AppData\Local\PUTTY.RND
2014-09-22 15:28 - 2013-10-11 10:46 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Eclipse
2014-09-22 15:28 - 2013-10-09 01:40 - 00000000 ____D () C:\Program Files (x86)\eclipse
2014-09-21 23:24 - 2013-10-09 01:32 - 00000000 ____D () C:\Users\Marvin\Desktop\Marvin
2014-09-21 18:04 - 2013-10-09 08:54 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-09-21 18:04 - 2013-10-09 08:54 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-09-21 18:04 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 13:27 - 2014-08-23 15:24 - 00055921 _____ () C:\Users\Marvin\Desktop\Unbenannt 2.ods
2014-09-21 13:13 - 2014-08-09 14:36 - 00145920 ___SH () C:\Users\Marvin\Documents\Thumbs.db
2014-09-17 23:35 - 2013-11-22 00:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 18:50 - 2013-10-09 01:43 - 00000000 ____D () C:\Users\Marvin\Desktop\workspace
2014-09-14 18:34 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-14 18:23 - 2013-10-09 15:29 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-14 18:20 - 2013-11-06 16:15 - 00000000 ____D () C:\Users\Marvin\AppData\Local\CrashDumps
2014-09-14 15:12 - 2014-01-05 01:17 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-10 21:59 - 2013-10-09 10:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 21:59 - 2013-10-09 10:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 21:59 - 2013-10-09 10:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 19:55 - 2013-10-30 16:23 - 00000000 ____D () C:\Users\Marvin\git
2014-09-10 19:54 - 2013-12-02 20:57 - 00000000 ____D () C:\Users\Marvin\.ssh
2014-09-10 19:53 - 2013-10-08 23:04 - 00000000 ____D () C:\Users\Marvin
2014-09-10 16:43 - 2014-03-30 10:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 16:43 - 2014-03-30 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-10 16:43 - 2013-10-08 23:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-31 23:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-30 20:05 - 2014-07-28 00:58 - 00000000 ____D () C:\Users\Marvin\AppData\Local\ftblauncher

Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\avgnt.exe
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.2-b2974jnks.dll
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Spigot-1543.dll
C:\Users\Marvin\AppData\Local\Temp\tempmessage.bfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-28 19:25

==================== End Of Log ============================
29.09.2014, 16:08 | #4
/// the machine /// TB-Ausbilder

Open FRST, tick the Addition box, then run it again.

regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
29.09.2014, 16:45 | #5

So. Here are the new logs:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 01
Ran by Marvin (administrator) on MARVIN-LAPTOP on 29-09-2014 17:42:57
Running from C:\Users\Marvin\Desktop
Loaded Profiles: Marvin (Available profiles: Marvin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
() C:\Users\Marvin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3680688155-2668200437-4286530012-1000\...\MountPoints2: {a53d0adf-bbf1-11e3-aa41-d4bed9269220} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3680688155-2668200437-4286530012-1000\...\MountPoints2: {b17cbd96-9e24-11e3-8a42-d4bed9269220} - E:\SWINGRUN.EXE HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [5085416 2014-09-28] (Avira) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation) AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x244FBE3871C4CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM-x32 - DefaultScope value is missing. 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex) Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex) Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex) Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex) Winsock: Catalog9 15 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex) Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex) Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex) Winsock: Catalog9-x64 03 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex) Winsock: Catalog9-x64 04 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex) Winsock: Catalog9-x64 15 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default FF NewTab: hxxp://www.google.com/ FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF 
Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF NetworkProxy: "backup.ftp", "wwwproxy.bahn-net.db.de" FF NetworkProxy: "backup.ftp_port", 8080 FF NetworkProxy: "backup.socks", "wwwproxy.bahn-net.db.de" FF NetworkProxy: "backup.socks_port", 8080 FF NetworkProxy: "backup.ssl", "wwwproxy.bahn-net.db.de" FF NetworkProxy: "backup.ssl_port", 8080 FF NetworkProxy: "ftp", "wwwproxy.bahn-net.db.de" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "wwwproxy.bahn-net.db.de" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "wwwproxy.bahn-net.db.de" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "ssl", "wwwproxy.bahn-net.db.de" FF NetworkProxy: "ssl_port", 8080 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\abs@avira.com [2014-09-04] FF Extension: Firebug - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-04] FF Extension: FlashGot - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-22] FF Extension: NoScript - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-21] FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\teinz99j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. 
KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-05] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-27] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-27] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-22] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-07-20] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-02] (Dell Inc.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-01] (Disc Soft Ltd) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-10-16] (AnchorFree Inc.) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-07-20] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-29] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed] S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed] R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-02-08] (NVIDIA Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.) R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2011-07-15] (Creative Technology Ltd.) 
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 22:44 - 2014-09-28 22:44 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup 2014-09-28 22:44 - 2014-09-28 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup 2014-09-28 21:39 - 2014-09-29 17:43 - 00016747 _____ () C:\Users\Marvin\Desktop\FRST.txt 2014-09-28 21:36 - 2014-09-28 21:37 - 00028730 _____ () C:\Users\Marvin\Downloads\FRST.txt 2014-09-28 21:35 - 2014-09-28 21:36 - 02108928 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe 2014-09-28 21:02 - 2014-09-28 22:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-28 20:44 - 2014-09-28 20:44 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-28 20:44 - 2014-09-28 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-28 15:16 - 2014-09-28 15:16 - 00000983 _____ () C:\Users\Public\Desktop\WTFast.lnk 2014-09-28 15:16 - 2014-09-28 15:16 - 00000000 ____D () C:\Users\Marvin\AppData\Local\AAA_Internet_Publishing,_ 2014-09-28 15:16 - 2014-09-28 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast 2014-09-28 15:16 - 2014-09-28 15:16 - 00000000 ____D () C:\Program Files (x86)\WTFast 2014-09-28 15:16 - 2014-01-03 16:36 - 00079464 _____ (Initex) C:\Windows\system32\WTFastDrv.dll 2014-09-28 15:16 - 2014-01-03 16:36 - 00072296 _____ (Initex) C:\Windows\SysWOW64\WTFastDrv.dll 2014-09-28 15:16 - 2014-01-03 16:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL 2014-09-28 15:06 - 2014-09-28 15:07 - 05696256 _____ (Initex & AAA Internet 
Publishing ) C:\Users\Marvin\Downloads\WTFastSetup.3.2.13.309.exe 2014-09-28 01:33 - 2014-09-28 01:33 - 00000000 ____D () C:\Users\Marvin\Desktop\data 2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-23 23:02 - 2014-09-23 23:03 - 00000000 ____D () C:\Users\Marvin\Desktop\MusikCDS 2014-09-21 23:21 - 2014-09-07 17:43 - 09279247 _____ () C:\Users\Marvin\Desktop\Juli-JS.jar 2014-09-21 23:19 - 2014-09-21 23:19 - 00000000 ____D () C:\Users\Marvin\Downloads\data 2014-09-21 23:18 - 2014-09-21 23:19 - 17641177 _____ () C:\Users\Marvin\Downloads\1.1.4.zip 2014-09-17 23:24 - 2014-09-17 23:24 - 01789642 _____ () C:\Users\Marvin\Downloads\Voyage_dans_les_iles_L.zip 2014-09-16 19:51 - 2014-09-15 03:00 - 00002084 _____ () C:\Users\Marvin\Desktop\2014-09-15-1.log.gz 2014-09-15 16:01 - 2014-09-15 16:02 - 02377725 _____ () C:\Users\Marvin\Downloads\StatisticsBundle.zip 2014-09-14 22:26 - 2014-09-14 22:27 - 01315785 _____ () C:\Users\Marvin\Downloads\ProtocolLib-3.4.0.jar 2014-09-14 22:25 - 2014-09-14 22:25 - 00053657 _____ () C:\Users\Marvin\Downloads\FakePlayersOnline.jar 2014-09-14 18:38 - 2014-09-14 18:38 - 00001216 _____ () C:\Users\Public\Desktop\Magic Ball 2.lnk 2014-09-14 18:38 - 2014-09-14 18:38 - 00001135 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk 2014-09-14 18:38 - 2014-09-14 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT 2014-09-14 18:38 - 2014-09-14 18:38 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT 2014-09-14 18:35 - 2014-09-14 18:36 - 11371039 _____ (INTENIUM GmbH) C:\Users\Marvin\Desktop\MagicBall2.exe 2014-09-14 18:33 - 2014-09-14 18:33 - 00367456 _____ () C:\Users\Marvin\Downloads\SoftonicDownloader_fuer_magic-ball-2.exe 2014-09-14 18:17 - 2014-09-14 18:17 - 00000019 _____ () C:\Windows\popcinfo.dat 2014-09-14 18:13 - 2014-09-14 18:14 - 00000000 ____D () C:\Program Files (x86)\Insaniquarium! 
Deluxe 2014-09-14 18:13 - 2014-09-14 18:13 - 00002026 _____ () C:\Users\Public\Desktop\Spiel Insaniquarium! Deluxe.lnk 2014-09-14 18:13 - 2014-09-14 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Insaniquarium! Deluxe 2014-09-14 18:12 - 2014-09-14 18:12 - 00000963 _____ () C:\Users\Public\Desktop\Spiele.lnk 2014-09-14 18:11 - 2014-09-14 18:33 - 00000000 ____D () C:\ProgramData\Big Fish 2014-09-14 18:07 - 2014-09-14 18:33 - 00000000 ____D () C:\BigFishCache 2014-09-14 18:07 - 2014-09-14 18:11 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Big Fish 2014-09-14 18:04 - 2014-09-14 18:04 - 00000000 ____D () C:\Program Files (x86)\OXXOGames 2014-09-14 17:59 - 2014-09-14 18:18 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Alawar 2014-09-14 17:54 - 2014-09-14 17:55 - 03035432 _____ () C:\Users\Marvin\Downloads\strikeball3_setup.exe 2014-09-14 17:52 - 2014-09-14 17:54 - 35958680 _____ (INTENIUM GmbH) C:\Users\Marvin\Downloads\StrikeBall3.exe 2014-09-14 17:28 - 2014-09-14 17:28 - 00002920 _____ () C:\Windows\System32\Tasks\{EAD786A0-6103-4166-8D2E-706576C92272} 2014-09-14 17:27 - 2014-09-14 17:27 - 00002920 _____ () C:\Windows\System32\Tasks\{A9A2CBD7-66FF-4D28-862E-6DABAC6EF6B3} 2014-09-14 15:01 - 2014-09-14 15:01 - 00115956 _____ () C:\Users\Marvin\Downloads\World Longgest AFK Pool.rar 2014-09-10 21:59 - 2014-09-10 21:59 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 16:43 - 2014-09-10 16:43 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-08 00:22 - 2014-09-08 00:22 - 00001460 _____ () C:\Users\Marvin\Desktop\exx.ppk 2014-09-08 00:15 - 2014-09-08 00:15 - 00001460 _____ () C:\Users\Marvin\Desktop\keysshp.ppk 2014-09-08 00:15 - 2014-09-08 00:15 - 00000468 _____ () C:\Users\Marvin\Desktop\keyssh 2014-09-08 00:13 - 2014-09-08 00:13 - 00184320 _____ (Simon Tatham) C:\Users\Marvin\Downloads\puttygen.exe 2014-09-08 00:11 - 2014-09-08 00:11 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git 2014-09-08 00:10 - 2014-09-08 00:11 - 00000000 ____D () C:\Program Files (x86)\Git 2014-09-08 00:08 - 2014-09-08 00:10 - 17806885 _____ (The Git Development Community ) C:\Users\Marvin\Downloads\Git-1.9.4-preview20140815.exe 2014-09-04 23:50 - 2014-09-04 23:49 - 00001511 _____ () C:\Users\Marvin\Desktop\bukkit.yml 2014-09-02 21:24 - 2014-09-02 21:24 - 00008658 _____ () C:\Users\Marvin\Downloads\VoteCmd(1).jar 2014-09-02 20:58 - 2014-09-02 20:58 - 00008630 _____ () C:\Users\Marvin\Downloads\VoteCmd.jar ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-29 17:43 - 2014-03-18 13:47 - 00000000 ____D () C:\FRST 2014-09-29 17:34 - 2013-10-09 15:08 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Skype 2014-09-29 17:30 - 2013-10-09 01:44 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\.minecraft 2014-09-29 16:58 - 2013-10-09 10:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-29 15:18 - 2013-10-09 01:39 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-29 15:04 - 2013-10-09 00:39 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client 2014-09-29 15:04 - 2013-10-08 23:00 - 01878977 _____ () C:\Windows\WindowsUpdate.log 2014-09-29 15:04 - 2009-07-14 06:51 - 00130357 _____ () C:\Windows\setupact.log 2014-09-29 15:03 - 2014-07-09 01:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-28 22:44 - 2013-10-08 23:07 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-28 22:37 - 2013-10-09 00:09 - 00007614 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg 2014-09-28 20:51 - 2009-07-14 06:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-28 20:51 - 2009-07-14 06:45 - 00021264 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-28 20:44 - 2013-10-09 15:08 - 00000000 ____D () C:\ProgramData\Skype 2014-09-28 20:41 - 2013-10-09 00:23 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-28 20:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-28 20:40 - 2013-10-09 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-28 20:40 - 2010-11-21 05:47 - 00746164 _____ () C:\Windows\PFRO.log 2014-09-28 17:47 - 2014-04-10 22:17 - 00000000 ____D () C:\Users\Marvin\Desktop\eclipse_luna 2014-09-27 14:32 - 2014-04-20 19:25 - 00000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd 2014-09-25 15:32 - 2014-07-28 00:56 - 00033280 ___SH () C:\Users\Marvin\Desktop\Thumbs.db 2014-09-23 22:50 - 2013-10-09 12:15 - 00000600 _____ () C:\Users\Marvin\AppData\Local\PUTTY.RND 2014-09-22 15:28 - 2013-10-11 10:46 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Eclipse 2014-09-22 15:28 - 2013-10-09 01:40 - 00000000 ____D () C:\Program Files (x86)\eclipse 2014-09-21 23:24 - 2013-10-09 01:32 - 00000000 ____D () C:\Users\Marvin\Desktop\Marvin 2014-09-21 18:04 - 2013-10-09 08:54 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-09-21 18:04 - 2013-10-09 08:54 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-09-21 18:04 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-21 13:27 - 2014-08-23 15:24 - 00055921 _____ () C:\Users\Marvin\Desktop\Unbenannt 2.ods 2014-09-21 13:13 - 2014-08-09 14:36 - 00145920 ___SH () C:\Users\Marvin\Documents\Thumbs.db 2014-09-17 23:35 - 2013-11-22 00:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-15 18:50 - 2013-10-09 01:43 - 00000000 ____D () C:\Users\Marvin\Desktop\workspace 2014-09-14 18:34 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-14 18:23 - 2013-10-09 15:29 - 
00000000 ____D () C:\ProgramData\TEMP 2014-09-14 18:20 - 2013-11-06 16:15 - 00000000 ____D () C:\Users\Marvin\AppData\Local\CrashDumps 2014-09-14 15:12 - 2014-01-05 01:17 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-10 21:59 - 2013-10-09 10:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 21:59 - 2013-10-09 10:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 21:59 - 2013-10-09 10:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 19:55 - 2013-10-30 16:23 - 00000000 ____D () C:\Users\Marvin\git 2014-09-10 19:54 - 2013-12-02 20:57 - 00000000 ____D () C:\Users\Marvin\.ssh 2014-09-10 19:53 - 2013-10-08 23:04 - 00000000 ____D () C:\Users\Marvin 2014-09-10 16:43 - 2014-03-30 10:29 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-10 16:43 - 2014-03-30 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-31 23:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-08-30 20:05 - 2014-07-28 00:58 - 00000000 ____D () C:\Users\Marvin\AppData\Local\ftblauncher Some content of TEMP: ==================== C:\Users\Marvin\AppData\Local\Temp\avgnt.exe C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.2-b2974jnks.dll C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Spigot-1543.dll C:\Users\Marvin\AppData\Local\Temp\tempmessage.bfg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-28 19:25
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014 01 Ran by Marvin at 2014-09-29 17:43:50 Running from C:\Users\Marvin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 10,000,000 (HKLM-x32\...\Steam App 227580) (Version: - EightyEightGames) 7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.) Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) 
Hidden Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC) ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers) Anno 2070 (HKLM-x32\...\Steam App 48240) (Version: - BlueByte) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) AudioCon (HKLM-x32\...\AudioCon) (Version: 1.0 - Basement Softworks) Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Avira System Speedup (HKLM-x32\...\AviraSpeedup) (Version: 1.3.1.9930 - Avira System Speedup) Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games) BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.1 - BlueJ Team) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Breath of Death VII (HKLM-x32\...\Steam App 107300) (Version: - Zeboyd Games)
BRINK (HKLM-x32\...\Steam App 22350) (Version: - Splash Damage)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
Car Tycoon (HKLM-x32\...\{1A75D40F-0DAB-47E1-BE66-85FD5703D1EE}) (Version: 1.00.0000 - Fishtank Interactive)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
CodeBlocks (HKCU\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Crazy Machines (HKLM-x32\...\Steam App 18420) (Version: - Fakt Software)
Crazy Machines 1.5 Inventors Training Camp (HKLM-x32\...\Steam App 18460) (Version: - Fakt Software)
Crazy Machines 1.5 New from the Lab (HKLM-x32\...\Steam App 18450) (Version: - Fakt Software)
Crazy Machines 2 (HKLM-x32\...\Steam App 18400) (Version: - Fakt Software)
Crazy Machines Elements (HKLM-x32\...\Steam App 206410) (Version: - Fakt Software)
Crazy Machines: Golden Gears (HKLM-x32\...\Steam App 265240) (Version: - FAKT Software Gmbh)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Cthulhu Saves the World (HKLM-x32\...\Steam App 107310) (Version: - Zeboyd Games)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version: - Vigil Games)
Darwinia (HKLM-x32\...\Steam App 1500) (Version: - Introversion Software)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DEFCON (HKLM-x32\...\Steam App 1520) (Version: - Introversion Software)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version: - Positech Games)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: - )
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - )
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version: - id Software)
Emergency4 (HKLM-x32\...\{9A4C534E-431F-4A17-97D4-D1682B19A054}) (Version: 1.03.001 - )
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
Free YouTube Download version 3.2.44.820 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.820 - DVDVideoSoft Ltd.)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version: - Mode 7)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Git version 1.9.4-preview20140815 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140815 - The Git Development Community)
GitHub (HKCU\...\5f7eb300e2ea4ebf) (Version: 1.2.3.0 - GitHub, Inc.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Hitman 2: Silent Assassin (HKLM-x32\...\Steam App 6850) (Version: - IO Interactive)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive)
Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version: - IO Interactive)
Hitman: Codename 47 (HKLM-x32\...\Steam App 6900) (Version: - IO Interactive)
Hitman: Sniper Challenge (HKLM-x32\...\Steam App 205930) (Version: - IO Interactive)
Hive (HKLM-x32\...\Steam App 251210) (Version: - Blueline Games)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
Indie Game: The Movie (HKLM-x32\...\Steam App 207080) (Version: - BlinkWorks Media)
Insaniquarium! Deluxe (HKLM-x32\...\BFG-Insaniquarium! Deluxe) (Version: - )
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
IntelliJ IDEA 13.1.1 (HKLM-x32\...\IntelliJ IDEA 13.1.1) (Version: 135.480 - JetBrains s.r.o.)
IntelliJ IDEA Community Edition 13.1.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 13.1.1) (Version: 135.480 - JetBrains s.r.o.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java SE Development Kit 7 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Just Cause (HKLM-x32\...\Steam App 6880) (Version: - Avalanche)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - Stainless Games)
Magic Ball 2 (HKLM-x32\...\Magic Ball 2) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Minecolony floorplan editor 3.0c (HKCU\...\bd1bb547bd04472c) (Version: 1.0.0.1 - Lilleman)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Mixxx 1.11.0 (HKLM-x32\...\Mixxx (1.11.0)) (Version: 1.11.0 - The Mixxx Development Team)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multiwinia (HKLM-x32\...\Steam App 1530) (Version: - Introversion Software)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.2 - Vitalwerks Internet Solutions LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.8 (HKLM\...\{5D328A41-BFF8-4B78-B45E-5BEE1D133EF5}) (Version: 4.3.8 - Oracle Corporation)
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version: - Ndemic Creations)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Prototype (HKLM-x32\...\Steam App 10150) (Version: - Radical Entertainment)
PROTOTYPE 2 (HKLM-x32\...\Steam App 115320) (Version: - Radical Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PvP-Test Launcher Version 0.8 (HKLM-x32\...\{8DBB0017-F0B6-40E0-9883-1A49A3720E3A}_is1) (Version: 0.8 - PvP-Test.de & maxs97)
Python 2.7.5 (64-bit) (HKLM\...\{DBDD570E-0952-475F-9453-AB88F3DD565A}) (Version: 2.7.5150 - Python Software Foundation)
Rayman Legends (HKLM-x32\...\Steam App 242550) (Version: - )
Rayman Origins (HKLM-x32\...\Steam App 207490) (Version: - UBIart Montpellier)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Razer Mamba (HKLM-x32\...\{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}) (Version: 2.01.05 - Razer USA Ltd.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Siedler3 (HKLM-x32\...\Siedler3Deinstall) (Version: - )
simfy (HKLM-x32\...\Simfy) (Version: 1.7.5 - simfy AG)
simfy (x32 Version: 1.7.5 - simfy AG) Hidden
Singularity (HKLM-x32\...\Steam App 42670) (Version: - Raven Software)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version: - Raven Software)
Star Wars - Jedi Knight: Mysteries of the Sith (HKLM-x32\...\Steam App 32390) (Version: - LucasArts)
Star Wars Jedi Knight: Dark Forces II (HKLM-x32\...\Steam App 32380) (Version: - LucasArts)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version: - LucasArts)
Star Wars Starfighter (HKLM-x32\...\Steam App 32350) (Version: - LucasArts)
Star Wars The Clone Wars: Republic Heroes (HKLM-x32\...\Steam App 32420) (Version: - Krome Studios)
Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version: - LucasArts)
Star Wars: Empire at War Gold (HKLM-x32\...\Steam App 32470) (Version: - Petroglyph)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment)
Star Wars: The Force Unleashed II (HKLM-x32\...\Steam App 32500) (Version: - Aspyr Studios)
Star Wars: The Force Unleashed Ultimate Sith Edition (HKLM-x32\...\Steam App 32430) (Version: - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 2 (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.1000 - Firefly Studios)
SWING (HKLM-x32\...\SWING) (Version: - )
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
The Basement Collection (HKLM-x32\...\Steam App 214790) (Version: - Edmund McMillen, Tyler Glaiel)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Movies(TM) (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.0 - Activision)
The Movies(TM) (x32 Version: 1.0 - Activision) Hidden
The Settlers 7: Paths to a Kingdom - Gold Edition (HKLM-x32\...\Steam App 48210) (Version: - Blue Byte)
The Settlers: Rise of an Empire Gold Edition (HKLM-x32\...\Steam App 19930) (Version: - Blue Byte)
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight Ltd.)
The Ship Tutorial (HKLM-x32\...\Steam App 2430) (Version: - Outerlight)
The Walking Dead™: Survival Instinct (HKLM-x32\...\Steam App 220050) (Version: - Terminal Reality, Inc.)
thriXXX Launcher (HKLM-x32\...\thriXXX Launcher) (Version: - thriXXX Software GmbH)
TimeShift (HKLM-x32\...\Steam App 10130) (Version: - Saber Interactive)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore)
Tony Hawk's Pro Skater HD (HKLM-x32\...\Steam App 207210) (Version: - Robomodo)
TV3D SDK 6.5 Prerelease (HKLM-x32\...\TV3D SDK 6.5 Prerelease_is1) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Uplink (HKLM-x32\...\Steam App 1510) (Version: - Introversion Software)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 6.1.2 - SoundSpectrum)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
Wireshark 1.10.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.3 - The Wireshark developer community, hxxp://www.wireshark.org)
Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version: - MachineGames)
WTFast 3.2 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.2.13.309 - Initex & AAA Internet Publishing)
YaCy (HKCU\...\YaCy) (Version: - )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3680688155-2668200437-4286530012-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()

==================== Restore Points =========================
28-09-2014 17:32:32 Scheduled checkpoint
28-09-2014 20:44:13 Avira System Speedup(1.3.1.9930)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03631551-92C8-4D5D-9ABC-F54062BAD714} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-09-28] (Avira)
Task: {0F963D41-3193-49AA-83CA-2244E89906B0} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {29C934BB-892A-4B17-9E17-F1B48C42DECA} - System32\Tasks\{A9A2CBD7-66FF-4D28-862E-6DABAC6EF6B3} => D:\SIM_FARM\SETUP.EXE
Task: {6C47460D-9773-4247-B3EC-AB1F89D9DD1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {78460CF6-BF52-4465-BF57-985C8C57437F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {D4D5E13F-E481-4051-AFB7-CC834E817A4C} - System32\Tasks\{EAD786A0-6103-4166-8D2E-706576C92272} => D:\SIM_FARM\SETUP.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-12-28 00:44 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-02-22 23:24 - 2014-02-22 23:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-10-08 11:42 - 2014-02-08 20:34 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-09 01:37 - 2014-02-08 19:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-05 12:52 - 2014-07-22 22:46 - 03356480 _____ () C:\Users\Marvin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-09-27 14:15 - 2013-09-27 14:15 - 00302056 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-09-27 14:15 - 2013-09-27 14:15 - 00320488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2013-09-27 14:15 - 2013-09-27 14:15 - 00186344 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
2013-09-27 14:15 - 2013-09-27 14:15 - 00565224 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-27 14:15 - 2013-09-27 14:15 - 00700904 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2013-10-30 17:01 - 2013-10-30 17:01 - 00055720 _____ () C:\Program Files\Java\jre7\bin\prism-d3d.dll
2013-10-30 17:01 - 2013-10-30 17:01 - 00197544 _____ () C:\Program Files\Java\jre7\bin\glass.dll
2013-10-30 17:01 - 2013-10-30 17:01 - 00590760 _____ () C:\Program Files\Java\jre7\bin\libxml2.dll
2013-10-30 17:01 - 2013-10-30 17:01 - 00202664 _____ () C:\Program Files\Java\jre7\bin\libxslt.dll
2013-10-30 17:01 - 2013-10-30 17:01 - 14863784 _____ () C:\Program Files\Java\jre7\bin\jfxwebkit.dll
2013-10-30 17:01 - 2013-10-30 17:01 - 00319912 _____ () C:\Program Files\Java\jre7\bin\javafx-font.dll
2014-09-29 16:54 - 2014-09-29 16:54 - 00306176 _____ () C:\Users\Marvin\AppData\Roaming\.minecraft\versions\1.7.2-LiteLoader1.7.2\1.7.2-LiteLoader1.7.2-natives-72802690425403\lwjgl64.dll
2014-09-29 16:54 - 2014-09-29 16:54 - 00382464 _____ () C:\Users\Marvin\AppData\Roaming\.minecraft\versions\1.7.2-LiteLoader1.7.2\1.7.2-LiteLoader1.7.2-natives-72802690425403\OpenAL64.dll
2014-09-29 16:54 - 2014-09-29 16:54 - 00065024 _____ () C:\Users\Marvin\AppData\Roaming\.minecraft\versions\1.7.2-LiteLoader1.7.2\1.7.2-LiteLoader1.7.2-natives-72802690425403\jinput-dx8_64.dll
2014-09-29 16:54 - 2014-09-29 16:54 - 00062464 _____ () C:\Users\Marvin\AppData\Roaming\.minecraft\versions\1.7.2-LiteLoader1.7.2\1.7.2-LiteLoader1.7.2-natives-72802690425403\jinput-raw_64.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-06 22:50 - 2014-02-08 20:34 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-30 16:25 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 16:25 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 16:25 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-08-21 14:18 - 2014-09-03 21:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-24 14:43 - 2014-09-23 06:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 16:25 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 16:25 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-10-04 16:54 - 2014-09-23 06:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-03-30 11:20 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Marvin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2013-09-10 14:20 - 2014-09-05 01:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-16 18:29 - 2014-09-05 01:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-06-11 08:50 - 2014-06-11 08:50 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 08:50 - 2014-06-11 08:50 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 08:50 - 2014-06-11 08:50 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-09-25 15:10 - 2014-09-25 15:10 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1FD9DB67
AlternateDataStreams: C:\ProgramData\TEMP:FACB65E7

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3680688155-2668200437-4286530012-500 - Administrator - Disabled)
Gast (S-1-5-21-3680688155-2668200437-4286530012-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3680688155-2668200437-4286530012-1002 - Limited - Enabled)
Marvin (S-1-5-21-3680688155-2668200437-4286530012-1000 - Administrator - Enabled) => C:\Users\Marvin

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Gerät
Description: PCI-Gerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2014 03:03:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x1a04
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (09/29/2014 03:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (09/29/2014 03:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (09/29/2014 03:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 01:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008

Error: (09/29/2014 01:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5008

Error: (09/29/2014 01:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 01:54:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009

Error: (09/29/2014 01:54:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4009

Error: (09/29/2014 01:54:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (09/29/2014 03:03:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "MBAMService" service terminated unexpectedly. This has happened 4 time(s).

Error: (09/28/2014 11:47:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "MBAMService" service terminated unexpectedly. This has happened 3 time(s).

Error: (09/28/2014 10:43:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Avira Service Host" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/28/2014 09:02:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "MBAMService" service terminated unexpectedly. This has happened 2 time(s).

Error: (09/28/2014 08:42:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "MBAMService" service terminated unexpectedly. This has happened 1 time(s).

Error: (09/28/2014 08:41:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "atksgt" service failed to start due to the following error: %%1275

Error: (09/28/2014 08:41:25 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver atksgt.sys could not be loaded.
Error: (09/28/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/28/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/28/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (09/29/2014 03:03:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a1a0401cfdbe5d00e1513C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe0dcefb39-47d9-11e4-82b6-d4bed9269220 Error: (09/29/2014 03:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 999 Error: (09/29/2014 03:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 999 Error: (09/29/2014 03:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/29/2014 01:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5008 Error: (09/29/2014 01:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task 
Scheduling Error: m->NextScheduledEvent 5008 Error: (09/29/2014 01:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/29/2014 01:54:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4009 Error: (09/29/2014 01:54:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4009 Error: (09/29/2014 01:54:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2014-07-20 15:47:56.574 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-20 15:47:56.544 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-20 15:47:55.830 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-20 15:47:55.801 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz Percentage of memory in use: 41% Total physical RAM: 8139.86 MB Available physical RAM: 4768.93 MB Total Pagefile: 16277.9 MB Available Pagefile: 11834.79 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:26.25 GB) NTFS Drive e: (SWING2000) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CE8E25DA) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
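The log above records two things worth checking by hand before any cleanup tool runs: repeated unexpected terminations of MBAMService and Avira Service Host (EventID 7034/7031), and Code Integrity failures for two drivers under System32\drivers whose hash could not be verified. The following Windows PowerShell script is an added triage example, not part of the thread and not code from FRST, Malwarebytes or Avira. It takes the GUID-named .TMP folder from the thread title and the two driver paths from the CodeIntegrity section, prints Authenticode status, version resource, timestamps and SHA-256 for each file, and then pulls the Service Control Manager 7031/7034 events and the Code Integrity operational-log errors that FRST summarises. Assumptions that are mine, not the page's: it runs in an elevated Windows PowerShell (2.0 as shipped with Windows 7 or later), and the Code Integrity events live in the "Microsoft-Windows-CodeIntegrity/Operational" log.

```powershell
# Added triage example (not from the thread). Paths are taken from the FRST log
# and the thread title; adjust $Targets for another system. Read-only: nothing
# is moved, deleted or stopped. Run as administrator in Windows PowerShell.

# Files to inspect: everything inside the reported .TMP folder, plus the two
# drivers that failed image-integrity checks in the CodeIntegrity section.
$Targets = @(Get-ChildItem -LiteralPath 'C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { $_.FullName })
$Targets += 'C:\Windows\System32\drivers\atksgt.sys', 'C:\Windows\System32\drivers\lirsgt.sys'

function Get-Sha256Hex {
    param([string]$Path)
    # Get-FileHash does not exist in PowerShell 2.0, so hash through .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

foreach ($p in $Targets) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Output ("MISSING        {0}" -f $p)
        continue
    }
    $item = Get-Item -LiteralPath $p
    $sig  = Get-AuthenticodeSignature -FilePath $p
    $ver  = $item.VersionInfo
    # Status is 'Valid' only for an intact signature chaining to a trusted root.
    # 'NotSigned' or 'HashMismatch' on a file in System32\drivers is exactly the
    # condition behind the "file hash could not be found" entries in the log.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }
    Write-Output ("{0,-14} {1}" -f $sig.Status, $p)
    Write-Output ("    signer : {0}" -f $signer)
    Write-Output ("    company: {0} / product: {1}" -f $ver.CompanyName, $ver.ProductName)
    Write-Output ("    created: {0:u}  modified: {1:u}" -f $item.CreationTimeUtc, $item.LastWriteTimeUtc)
    Write-Output ("    sha256 : {0}" -f (Get-Sha256Hex -Path $p))   # look up against a reputation service before acting
}

# Service crash history. 7034 = terminated unexpectedly, 7031 = terminated and
# restarted by the recovery action; both IDs appear in the FRST log above.
# Properties[0] of these events is the service display name.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7031, 7034 } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Service'; e = { $_.Properties[0].Value } } |
    Format-Table -AutoSize

# Code Integrity failures (assumed log name; this is what FRST's "CodeIntegrity
# Errors" section is built from). Level 2 = Error.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Level = 2 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Two things to read from the output: a file in a GUID-named folder directly under C:\Windows with no signer and a version resource that names a company you do not recognise is what the helper will want to see, and a driver that reports anything other than Valid on 64-bit Windows 7 explains a %%1275 "failed to start" entry without any guess about malware. Leave the real-time protection running for this check; the script only reads files and event logs.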
30.09.2014, 09:17 | #6 |
/// the machine /// TB-Ausbilder | Suspicious folder discovered 3F5C371F8EA24F259D3DD0B4526E3AEA.TMP Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ |
30.09.2014, 09:34 | #7 |
| Suspicious folder discovered 3F5C371F8EA24F259D3DD0B4526E3AEA.TMP Good morning, I already have Malwarebytes, but I just found that the database can no longer be updated. The program apparently cannot establish a connection to the server. |
01.10.2014, 07:26 | #8 |
/// the machine /// TB-Ausbilder | Suspicious folder discovered 3F5C371F8EA24F259D3DD0B4526E3AEA.TMP Then scan with the old one and do the rest afterwards.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |