
All kinds of pests and how to fight them: Search Protect completely removed?

22.10.2014, 09:02   #1
drwar5ong
 
Hello everyone!

First of all, big praise to you and your work.. especially because you sacrifice your free time for it!

Now to the problem:

The day before yesterday I noticed that a new icon had settled into my taskbar at the bottom right: an orange-yellow arrow (or something like that). When I clicked on it, a small window opened and you could tick two options (something to do with Yahoo). After researching with Google, I found that it must be "Search Protect".. which is also how I came across your site.

In the meantime (because of other similar posts) I have already run malware, avast and adwkiller over it. The icon is now gone as well.

Could one of you still help me check whether really EVERYTHING is gone?

Thanks in advance!
Regards,
Till

22.10.2014, 09:40   #2
schrauber
/// the machine
/// TB trainer
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


22.10.2014, 10:35   #3
drwar5ong
 
FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014
Ran by Tilmann Eller (administrator) on SUPER-PC on 22-10-2014 11:28:29
Running from C:\Users\Tilmann Eller\Desktop
Loaded Profile: Tilmann Eller (Available profiles: Tilmann Eller)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-10-22] (AVAST Software)
HKU\S-1-5-21-520989056-2089718371-1745703678-1000\...\Run: [EPSON SX420W Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-520989056-2089718371-1745703678-1000\...\Run: [Epson Stylus SX420W(Netzwerk)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-520989056-2089718371-1745703678-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-520989056-2089718371-1745703678-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-520989056-2089718371-1745703678-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-520989056-2089718371-1745703678-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-520989056-2089718371-1745703678-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation)
Startup: C:\Users\Tilmann Eller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tilmann Eller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01710AA7573ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Tilmann Eller\AppData\Roaming\Mozilla\Firefox\Profiles\t13r4iu2.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DivX Web Player - C:\Users\Tilmann Eller\AppData\Roaming\Mozilla\Firefox\Profiles\t13r4iu2.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-09-05]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-22]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-22]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-22] (AVAST Software)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-07-18] (Teruten) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-10-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414392 2014-10-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-10-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-22] ()
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 11:28 - 2014-10-22 11:29 - 00013747 _____ () C:\Users\Tilmann Eller\Desktop\FRST.txt
2014-10-22 11:28 - 2014-10-22 11:28 - 00000000 ____D () C:\FRST
2014-10-22 11:27 - 2014-10-22 11:28 - 01102336 _____ (Farbar) C:\Users\Tilmann Eller\Desktop\FRST.exe
2014-10-22 09:18 - 2014-10-22 09:18 - 00000000 ____D () C:\Users\Tilmann Eller\Desktop\Virus
2014-10-22 09:17 - 2014-10-22 09:35 - 00000000 ____D () C:\AdwCleaner
2014-10-22 09:12 - 2014-10-22 09:13 - 01753736 _____ () C:\Users\Tilmann Eller\Downloads\Adaware114_Installer.exe
2014-10-22 09:00 - 2014-10-22 09:00 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Roaming\AVAST Software
2014-10-22 08:59 - 2014-10-22 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-22 08:58 - 2014-10-22 08:58 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-22 08:58 - 2014-10-22 08:58 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-10-22 08:58 - 2014-10-22 08:58 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-22 08:58 - 2014-10-22 08:58 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-22 08:58 - 2014-10-22 08:58 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-22 08:58 - 2014-10-22 08:58 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-22 08:58 - 2014-10-22 08:58 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-22 08:58 - 2014-10-22 08:58 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-22 08:58 - 2014-10-22 08:58 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-22 08:58 - 2014-10-22 08:58 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-22 08:57 - 2014-10-22 08:57 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-22 08:55 - 2014-10-22 08:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-21 20:35 - 2014-10-21 20:36 - 00000000 ____D () C:\Users\Tilmann Eller\Documents\FUSSBALL MANAGER 13
2014-10-21 18:19 - 2014-10-21 18:20 - 00000000 ____D () C:\Users\Tilmann Eller\Desktop\Left4Uncut
2014-10-21 18:18 - 2014-10-21 18:18 - 00561348 _____ () C:\Users\Tilmann Eller\Downloads\Uncut.zip
2014-10-21 18:00 - 2014-10-21 18:00 - 00022202 _____ () C:\Users\Tilmann Eller\Downloads\left4gore-2.3-windows.zip
2014-10-21 16:56 - 2014-10-21 16:56 - 00000000 ____D () C:\Users\Tilmann Eller\Documents\My Games
2014-10-21 16:56 - 2014-10-21 16:56 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Local\My Games
2014-10-21 16:10 - 2014-10-21 16:10 - 00001178 _____ () C:\Users\Public\Desktop\FUSSBALL MANAGER 13.lnk
2014-10-21 16:10 - 2014-10-21 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUSSBALL MANAGER 13
2014-10-21 16:10 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-10-21 16:10 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-10-21 16:10 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-10-21 16:10 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-21 16:10 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-10-21 16:10 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-10-21 16:10 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-10-21 16:10 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-10-21 16:10 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-10-21 16:10 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-10-21 16:10 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-10-21 16:10 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-10-21 15:37 - 2014-10-21 15:42 - 00000000 ____D () C:\Program Files\Origin Games
2014-10-21 14:27 - 2014-10-21 15:37 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Local\Origin
2014-10-21 13:50 - 2014-10-21 13:50 - 00000214 _____ () C:\Users\Tilmann Eller\Desktop\Sid Meier's Civilization V.url
2014-10-20 20:09 - 2014-10-20 20:09 - 00000213 _____ () C:\Users\Tilmann Eller\Desktop\Left 4 Dead 2.url
2014-10-20 16:22 - 2014-10-21 13:50 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-20 16:22 - 2014-10-20 16:22 - 00000213 _____ () C:\Users\Tilmann Eller\Desktop\Portal 2.url
2014-10-20 15:18 - 2014-10-22 10:47 - 00000000 ____D () C:\Program Files\Steam
2014-10-20 15:18 - 2014-10-20 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-20 15:18 - 2014-10-20 15:18 - 00000875 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-10-20 14:37 - 2014-10-22 08:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 14:37 - 2014-10-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-20 14:36 - 2014-10-20 14:37 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-10-20 14:36 - 2014-10-20 14:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-20 14:36 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 14:36 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 14:36 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 14:05 - 2014-10-20 14:05 - 00000000 ____D () C:\ProgramData\EA Core
2014-10-20 13:31 - 2014-10-20 16:07 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-10-20 12:59 - 2014-10-21 17:57 - 00000000 ____D () C:\Users\Tilmann Eller\Documents\Square Enix
2014-10-20 12:57 - 2014-10-20 12:57 - 00000000 ____D () C:\Windows\system32\AGEIA
2014-10-20 12:57 - 2014-10-20 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-20 12:57 - 2014-10-20 12:57 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-10-20 12:56 - 2014-10-20 12:56 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-20 12:56 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-10-20 12:56 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-10-20 12:56 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-10-20 12:56 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-10-20 12:56 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-10-20 12:56 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-10-20 12:56 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-10-20 12:56 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-10-20 12:56 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-10-20 12:56 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-10-20 12:56 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-10-20 12:56 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-10-20 12:56 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-10-20 12:56 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-10-20 12:56 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-10-20 12:56 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-10-20 12:56 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-10-20 12:56 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-10-20 12:56 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-10-20 12:56 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-10-20 12:56 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-10-20 12:56 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-10-20 12:56 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-10-20 12:56 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-10-20 12:56 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-10-20 12:56 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-10-20 12:56 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-10-20 12:56 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-10-20 12:56 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-10-20 12:56 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-10-20 12:56 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-10-20 12:56 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-10-20 12:56 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-10-20 12:56 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-10-20 12:56 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-10-20 12:56 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-10-20 12:56 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-10-20 12:56 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-10-20 12:56 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-10-20 12:56 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-10-20 12:56 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-10-20 12:56 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-10-20 12:56 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-10-20 12:56 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-10-20 12:56 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-10-20 12:56 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-10-20 12:56 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-10-20 12:56 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-10-20 12:56 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-10-20 12:56 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-10-20 12:56 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-10-20 12:56 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-10-20 12:56 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-10-20 12:54 - 2014-10-20 12:54 - 00000000 ____D () C:\Program Files\AMD
2014-10-20 12:54 - 2007-06-29 14:47 - 00034304 _____ (AMD, Inc.) C:\Windows\system32\Drivers\AmdLLD.sys
2014-10-16 14:53 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 14:53 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 14:53 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 14:53 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 14:53 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 14:53 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 14:53 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 14:53 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 14:53 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 14:53 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 14:53 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 14:53 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 14:53 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 14:53 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 14:53 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 14:53 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 14:53 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 14:53 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 14:53 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 14:53 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 14:53 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 14:53 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 14:53 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 14:53 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 14:53 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 14:53 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 14:53 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 14:53 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 14:53 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 14:53 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 14:53 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 14:53 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 14:53 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 14:53 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 14:53 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 14:50 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 14:50 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 14:50 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 14:50 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 14:50 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 14:50 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 14:50 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 14:50 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 14:50 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 14:50 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 14:50 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 14:50 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 14:50 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 14:50 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 14:49 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 14:49 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-09 13:36 - 2014-10-09 13:36 - 00001007 _____ () C:\Users\Tilmann Eller\Desktop\Winmail Opener.lnk
2014-10-09 13:36 - 2014-10-09 13:36 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener
2014-10-09 13:36 - 2014-10-09 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winmail Opener
2014-10-09 13:36 - 2014-10-09 13:36 - 00000000 ____D () C:\Program Files\Winmail Opener
2014-10-01 19:50 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-25 04:59 - 2014-09-25 04:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 12:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 11:01 - 2012-11-14 16:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 10:45 - 2014-05-15 18:30 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 10:45 - 2012-11-03 00:07 - 00000000 ____D () C:\ProgramData\Origin
2014-10-22 10:32 - 2012-09-05 17:10 - 01334310 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 10:03 - 2012-11-03 00:07 - 00000000 ____D () C:\Program Files\Origin
2014-10-22 09:45 - 2014-05-15 18:30 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 09:44 - 2009-07-14 06:34 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 09:44 - 2009-07-14 06:34 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 09:35 - 2013-01-18 21:34 - 00000000 ___RD () C:\Users\Tilmann Eller\Dropbox
2014-10-22 09:35 - 2013-01-18 21:33 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Roaming\Dropbox
2014-10-22 09:33 - 2010-11-20 23:48 - 00485242 _____ () C:\Windows\PFRO.log
2014-10-22 09:33 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 09:33 - 2009-07-14 06:39 - 00101392 _____ () C:\Windows\setupact.log
2014-10-21 20:34 - 2012-10-29 16:52 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-10-21 17:57 - 2012-09-05 17:25 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-21 17:55 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-21 15:37 - 2012-11-03 00:07 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Roaming\Origin
2014-10-21 14:18 - 2012-11-03 00:07 - 00001092 _____ () C:\Windows\KB893803v2.log
2014-10-20 15:19 - 2012-09-05 17:19 - 00000000 ____D () C:\Users\Tilmann Eller
2014-10-20 14:32 - 2012-11-14 16:06 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-20 14:02 - 2012-10-29 16:36 - 00000000 ____D () C:\Program Files\Spiele
2014-10-20 12:54 - 2013-08-20 18:02 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Local\Downloaded Installations
2014-10-19 13:09 - 2014-04-29 16:20 - 00000000 ____D () C:\Users\Tilmann Eller\Desktop\Umbau 2014
2014-10-19 13:04 - 2012-09-12 17:45 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Roaming\vlc
2014-10-19 12:51 - 2014-09-05 16:36 - 00000000 ____D () C:\Users\Tilmann Eller\Desktop\Bilder Sept 2014
2014-10-17 13:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-17 13:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 18:31 - 2009-07-14 06:33 - 00437120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 18:29 - 2014-05-06 21:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 18:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-16 17:54 - 2013-08-16 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 17:51 - 2013-03-08 23:11 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 15:18 - 2013-08-18 18:29 - 00000000 ____D () C:\Users\Tilmann Eller\Desktop\Claudi
2014-10-13 16:45 - 2010-11-20 23:01 - 01648704 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 13:37 - 2013-05-02 19:15 - 00000093 _____ () C:\Users\Tilmann Eller\AppData\default.pls
2014-10-08 16:59 - 2012-09-05 18:33 - 00000000 ____D () C:\Users\Tilmann Eller\AppData\Roaming\Macromedia
2014-10-08 16:59 - 2012-09-05 18:32 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-02 15:53 - 2012-09-05 18:29 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-27 12:09 - 2013-08-22 17:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-24 18:01 - 2012-09-05 18:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 18:01 - 2012-09-05 18:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Tilmann Eller\AppData\Local\Temp\4ij0rfce.dll
C:\Users\Tilmann Eller\AppData\Local\Temp\danz11et.dll
C:\Users\Tilmann Eller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkg6pi2.dll
C:\Users\Tilmann Eller\AppData\Local\Temp\kifehtb7.dll
C:\Users\Tilmann Eller\AppData\Local\Temp\Quarantine.exe
C:\Users\Tilmann Eller\AppData\Local\Temp\sqlite3.dll
C:\Users\Tilmann Eller\AppData\Local\Temp\uninst1.exe
C:\Users\Tilmann Eller\AppData\Local\Temp\vuue3jxs.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 15:36

==================== End Of Log ============================
         
Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2014
Ran by Tilmann Eller at 2014-10-22 11:30:04
Running from C:\Users\Tilmann Eller\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{A7DB362E-16DC-4E29-8A34-E74381E00B5B}) (Version: 10.1.4.020 - Adobe Systems, Inc.)
Anno 1701 (HKLM\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Belkin USB Wireless Adaptor (HKLM\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (Version: 1.0.0.10 - Belkin) Hidden
Der Herr der Ringe Online v03.03.05.8039 (HKLM\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.03.05.8039 - Turbine, Inc.)
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Duden Vorlagensammlung (HKLM\...\Duden Vorlagensammlung) (Version:  - Bibliographisches Institut GmbH)
Epson Easy Photo Print 2 (HKLM\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX420W Series Handbuch (HKLM\...\EPSON SX420W Series Manual) (Version:  - )
EPSON SX420W Series Netzwerk-Handbuch (HKLM\...\EPSON SX420W Series Network Guide) (Version:  - )
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.2 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
FUSSBALL MANAGER 13 (HKLM\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Hamster Free Video Converter (HKLM\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.2.33 - Hamster Soft)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kies Air Discovery Service (HKCU\...\Kies Air Discovery Service) (Version:  - Samsung)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
M.U.D. TV (HKLM\...\{0BA08A7A-A883-44BA-B474-68A7530FB8EF}) (Version: 1.0.6.0 - Realmforge Studios GmbH)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM\...\{BE282C23-5484-47FF-B2C1-EBEA5C891031}) (Version: 8.3.29 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.)
PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version:  - )
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Winmail Opener 1.4 (HKLM\...\Winmail Opener) (Version: 1.4 - Eolsoft)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-520989056-2089718371-1745703678-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-10-2014 15:49:03 Removed Microsoft Games for Windows - LIVE
20-10-2014 16:50:33 Removed Microsoft Games for Windows - LIVE Redistributable
21-10-2014 08:51:58 Windows Update
21-10-2014 11:34:39 DirectX wurde installiert
21-10-2014 14:09:04 DirectX wurde installiert
21-10-2014 15:54:09 Entfernt Batman: Arkham Asylum Game of the Year Edition
22-10-2014 06:57:33 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {236E5FBD-D5C0-427D-B9AC-3543DE7693E6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {301EE496-FACA-4A1D-8ECA-94ECAA418701} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3C523288-4781-4766-A91C-E39764267194} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.)
Task: {6DAAAA56-54B8-4D73-AA8D-BE0A8B873D1D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {A374CA46-E6D4-411C-9289-E86FA7B86C6F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-22] (AVAST Software)
Task: {C20F3244-3257-491D-AAD9-7AC872548B53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.)
Task: {C3764BF0-619C-4F78-95B3-294E901EEFDF} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29] ()
Task: {D9C3E804-416F-4896-B240-7806B950D4C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-22 08:58 - 2014-10-22 08:58 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-22 09:16 - 2014-10-22 09:16 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102200\algo.dll
2012-10-21 17:12 - 2007-05-22 10:59 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-22 08:58 - 2014-10-22 08:58 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-17 13:10 - 2014-10-17 13:10 - 00184832 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\8efeedc04e0b39945c85acaec7d991de\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-10-17 13:11 - 2014-10-17 13:11 - 17280000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\5420374c1c1512f5da0d7db7f63f6b6d\Kies.Theme.ni.dll
2014-10-17 13:10 - 2014-10-17 13:10 - 01795072 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\443a64ac0c6e35fd958a51f972a9463f\Kies.UI.ni.dll
2014-10-17 13:10 - 2014-10-17 13:10 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\186c672b9e554bd4f43cfacd00bd7eda\Kies.MVVM.ni.dll
2014-10-17 13:10 - 2014-10-17 13:10 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll
2014-10-22 09:34 - 2014-10-22 09:34 - 00043008 _____ () c:\Users\Tilmann Eller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkg6pi2.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Tilmann Eller\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-25 04:59 - 2014-09-25 04:59 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-21 10:15 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-21 10:15 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-21 10:15 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2014-09-03 11:28 - 2014-09-03 21:28 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
2014-09-22 20:32 - 2014-09-23 06:32 - 02226880 _____ () C:\Program Files\Steam\video.dll
2014-08-21 10:15 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-21 10:15 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2014-09-22 20:32 - 2014-09-23 06:32 - 00679616 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2014-09-04 15:29 - 2014-09-05 01:29 - 34589376 _____ () C:\Program Files\Steam\bin\libcef.dll
2014-09-10 21:02 - 2014-09-10 21:02 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-520989056-2089718371-1745703678-500 - Administrator - Disabled)
ASPNET (S-1-5-21-520989056-2089718371-1745703678-1002 - Limited - Enabled)
Gast (S-1-5-21-520989056-2089718371-1745703678-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-520989056-2089718371-1745703678-1004 - Limited - Enabled)
Tilmann Eller (S-1-5-21-520989056-2089718371-1745703678-1000 - Administrator - Enabled) => C:\Users\Tilmann Eller

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 10:45:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/22/2014 09:45:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/22/2014 09:34:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 09:06:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 08:58:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm instup.exe, Version 9.0.2021.515 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 41c

Startzeit: 01cfedc537178c3e

Endzeit: 60000

Anwendungspfad: C:\Users\TILMAN~1\AppData\Local\Temp\_av_iup.tm~a00552\instup.exe

Berichts-ID: 98d86e0d-59b8-11e4-a5b0-001731700d55

Error: (10/22/2014 08:57:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary seskkibz.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (10/22/2014 08:57:30 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {8cc72639-de24-4bc9-86cc-5ee698a714bc}

Error: (10/22/2014 08:45:06 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (10/22/2014 08:39:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2014 10:45:07 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.


System errors:
=============
Error: (10/22/2014 09:34:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (10/20/2014 03:43:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/20/2014 03:43:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (10/20/2014 01:39:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/20/2014 01:39:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (10/16/2014 06:34:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 (KB2952664)

Error: (10/11/2014 03:08:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/04/2014 09:43:27 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (09/21/2014 03:48:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (09/21/2014 03:48:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.


Microsoft Office Sessions:
=========================
Error: (07/13/2014 01:34:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 304 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (06/29/2014 00:02:07 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24813 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (02/22/2014 00:48:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2124 seconds with 1200 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 49%
Total physical RAM: 2046.55 MB
Available physical RAM: 1042.75 MB
Total Pagefile: 4093.11 MB
Available Pagefile: 2756 MB
Total Virtual: 2175.88 MB
Available Virtual: 2018.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:11.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: F399F399)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

22.10.2014, 19:13   #4
schrauber
/// the machine
/// TB-Ausbilder

Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller field, search for the programs:

    Google Update Helper

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click on , then on , and then on .

The rest looks good.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

23.10.2014, 10:46   #5
drwar5ong

I installed the program... but there is no Google update Helper there.


24.10.2014, 07:39   #6
schrauber
/// the machine
/// TB-Ausbilder

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Now you should see it
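The Fixlist line above carries the marker Hidden, and the poster could not find the entry in Revo's list. As an added example (not part of the original posts and not FRST's own code), this Python sketch pulls every entry marked Hidden out of installed-program lines of that shape; the sample log, the `Entry` type and the `trusted` allowlist are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Sequence

# Constructed sample. Only the "Google Update Helper" line is taken from the
# thread; the header and the two "Example" entries are made up for illustration.
SAMPLE = """\
==================== Installed Programs ======================

Example Editor 9.20 (Version: 9.20 - Example Software)
Example Runtime (x86) (Version: 2.0 - Example Corp) Hidden
Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
"""

# <name> (Version: <version> - <publisher>) [Hidden] [<==== ATTENTION]
# The greedy name group makes the LAST "(Version: ...)" the metadata group,
# so names that contain parentheses themselves still parse.
ENTRY_RE = re.compile(
    r"^(?P<name>.+) \(Version: (?P<version>.*?) - (?P<publisher>.*)\)"
    r"(?P<hidden> Hidden)?(?P<attention> <==== ATTENTION)?$"
)

class Entry(NamedTuple):
    name: str
    version: str
    publisher: str
    hidden: bool
    attention: bool

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one installed-program line; return None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["name"], m["version"].strip(), m["publisher"].strip(),
                 m["hidden"] is not None, m["attention"] is not None)

def hidden_entries(log_text: str, trusted: Sequence[str] = ()) -> List[Entry]:
    """Return entries marked Hidden, flagged ones first.

    `trusted` is a hypothetical publisher allowlist. Publisher strings are
    self-declared by the installer, so treat it as a noise filter only.
    """
    found = [e for e in map(parse_entry, log_text.splitlines())
             if e is not None and e.hidden and e.publisher not in trusted]
    return sorted(found, key=lambda e: not e.attention)

if __name__ == "__main__":
    for e in hidden_entries(SAMPLE):
        print(f"{e.name} | {e.version} | {e.publisher} | flagged={e.attention}")
```
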

24.10.2014, 09:16   #7
drwar5ong

Aha! There it is! You sly fox!

OK, I've done everything as you said so far. Is that it?

24.10.2014, 18:11   #8
schrauber
/// the machine
/// TB-Ausbilder

yep

28.10.2014, 10:44   #9
drwar5ong

Great, thank you!

29.10.2014, 07:11   #10
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
