| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.03.2015, 21:10
| #1 |
| |  Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? Hier sind die Scanergebnisse via FRST: FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Robin Gaudig_2 (administrator) on ROBIN on 11-03-2015 21:03:09 Running from C:\Users\Robin Gaudig_2\Desktop Loaded Profiles: Robin Gaudig_2 (Available profiles: Robin Gaudig & Robin lernt & Robin Gaudig_2) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe () C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Spotify Ltd) C:\Users\Robin Gaudig_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe () C:\Program Files (x86)\Skiller Pro\Monitor.EXE () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe (XTab system) C:\Program Files (x86)\XTab\HPNotify.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe (Logitech, Inc.) C:\Users\Robin Gaudig_2\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe (Logitech, Inc.) C:\Users\Robin Gaudig_2\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Skiller Pro\Monitor.exe [475136 2014-02-26] () HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [246784 2012-06-07] () HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Run: [Spotify Web Helper] => C:\Users\Robin Gaudig_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-20] (Spotify Ltd) HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated) HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Run: [Spotify] => C:\Users\Robin Gaudig_2\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-20] (Spotify Ltd) HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-29] (Electronic Arts) HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Run: [RoccatPowerGrid] => C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe [5147248 2013-12-18] () HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Run: [GoogleChromeAutoLaunch_EDF8B61700E280401295906E15F68627] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-02-28] (Google Inc.) HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-25066539-1866889071-2790813578-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-25066539-1866889071-2790813578-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-25066539-1866889071-2790813578-1003\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-25066539-1866889071-2790813578-1000\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-25066539-1866889071-2790813578-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:53996;https=127.0.0.1:53996 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-25066539-1866889071-2790813578-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A HKU\S-1-5-21-25066539-1866889071-2790813578-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1425306729&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A&q={searchTerms} SearchScopes: HKU\S-1-5-21-25066539-1866889071-2790813578-1004 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cvs1&utm_campaign=install_ie&utm_content=ds&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A&ts=1425306889&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-25066539-1866889071-2790813578-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cvs1&utm_campaign=install_ie&utm_content=ds&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A&ts=1425306889&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-25066539-1866889071-2790813578-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cvs1&utm_campaign=install_ie&utm_content=ds&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A&ts=1425306889&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-25066539-1866889071-2790813578-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cvs1&utm_campaign=install_ie&utm_content=ds&from=cvs1&uid=ST500DM002-1BD142_W2ASN82AXXXXW2ASN82A&ts=1425306889&type=default&q={searchTerms} BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> mscoree.dll No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-21] (Oracle Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-21] (Oracle Corporation) BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> mscoree.dll No File BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-01-16] (Thinknice Co. Limited) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation) Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll No File Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Hosts: 127.0.0.1 activation.cloud.techsmith.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Robin Gaudig_2\AppData\Roaming\Mozilla\Firefox\Profiles\ldjce0et.default FF NewTab: chrome://quick_start/content/index.html FF SelectedSearchEngine: mystartsearch FF Homepage: https://www.youtube.com/ FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-16] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-16] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-05-12] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-05-12] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-06] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-25066539-1866889071-2790813578-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Robin Gaudig_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-25066539-1866889071-2790813578-1004: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-02-21] () FF Plugin HKU\S-1-5-21-25066539-1866889071-2790813578-1004: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF user.js: detected! => C:\Users\Robin Gaudig_2\AppData\Roaming\Mozilla\Firefox\Profiles\ldjce0et.default\user.js [2015-03-11] FF SearchPlugin: C:\Users\Robin Gaudig_2\AppData\Roaming\Mozilla\Firefox\Profiles\ldjce0et.default\searchplugins\dsrlte.xml [2014-11-15] FF SearchPlugin: C:\Users\Robin Gaudig_2\AppData\Roaming\Mozilla\Firefox\Profiles\ldjce0et.default\searchplugins\mystartsearch.xml [2015-03-02] FF SearchPlugin: C:\Users\Robin Gaudig_2\AppData\Roaming\Mozilla\Firefox\Profiles\ldjce0et.default\searchplugins\Web Search.xml [2014-10-13] FF Extension: Adblock Plus - C:\Users\Robin Gaudig_2\AppData\Roaming\Mozilla\Firefox\Profiles\ldjce0et.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-10] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-28] FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Robin Gaudig_2\AppData\Roaming\Mozilla\Firefox\Profiles\ldjce0et.default\extensions\searchengine@gmail.com FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Robin Gaudig_2\AppData\Roaming\Mozilla\Firefox\Profiles\ldjce0et.default\extensions\istart_ffnt@gmail.com FF HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Robin Gaudig_2\AppData\Roaming\Mozilla\Firefox\Profiles\ldjce0et.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06] CHR Extension: (Google Docs) - C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06] CHR Extension: (Google Drive) - C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-06] CHR Extension: (YouTube) - C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-06] CHR Extension: (Google Search) - C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-06] CHR Extension: (Google Sheets) - C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06] CHR Extension: (Google Wallet) - C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06] CHR Extension: (Gmail) - C:\Users\Robin Gaudig_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation) S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 MaintainerSvc4.52.864054; C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe [123632 2015-03-11] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-29] (Electronic Arts) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-02] (SysTool PasSame LIMITED) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.) R3 WinHttpAutoProxySvc; winhttp.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] () R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-06-20] () R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 OT_DIGITAL_DJ; C:\Windows\System32\Drivers\OMNITRONIC DDI 4x4u.sys [461376 2009-10-30] (Ploytec GmbH) S3 OT_DIGITAL_DJ_A_WDM; C:\Windows\System32\drivers\OMNITRONIC DDI 4x4a.sys [49728 2009-10-30] (Ploytec GmbH) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation) S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation ) R1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64; C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys [61112 2014-06-27] (StdLib) R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-06-30] (StdLib) R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys [48824 2014-10-01] (StdLib) R1 {fd74c1d1-1ac3-43f9-8336-32679dc7de45}w64; C:\Windows\System32\drivers\{fd74c1d1-1ac3-43f9-8336-32679dc7de45}w64.sys [48784 2014-11-15] (StdLib) S2 AODDriver4.2; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 X6va019; \??\C:\Windows\SysWOW64\Drivers\X6va019 [X] S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X] S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-11 21:03 - 2015-03-11 21:03 - 00026806 _____ () C:\Users\Robin Gaudig_2\Desktop\FRST.txt 2015-03-11 21:03 - 2015-03-11 21:03 - 00000000 ____D () C:\FRST 2015-03-11 21:02 - 2015-03-11 21:02 - 02095616 _____ (Farbar) C:\Users\Robin Gaudig_2\Desktop\FRST64.exe 2015-03-11 20:56 - 2015-03-11 20:56 - 00798408 _____ (Piriform Ltd) C:\Users\Robin Gaudig_2\Downloads\screenshot_2251.scr 2015-03-08 19:12 - 2015-03-10 16:09 - 00000146 _____ () C:\Users\Robin Gaudig_2\Desktop\Maikelele Croshair.txt 2015-03-08 18:41 - 2015-03-08 18:41 - 00011191 _____ () C:\Users\Robin Gaudig_2\Documents\Unfallbericht.odt 2015-03-08 18:34 - 2015-03-08 21:48 - 00000134 _____ () C:\Users\Robin Gaudig_2\Desktop\NothingtoKnife.txt 2015-03-07 17:32 - 2015-03-07 17:32 - 00001155 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-03-07 17:32 - 2015-03-07 17:32 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-03-07 17:32 - 2015-03-07 17:32 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\Canneverbe Limited 2015-03-07 17:32 - 2015-03-07 17:32 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2015-03-07 17:32 - 2015-03-07 17:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2015-03-07 17:30 - 2015-03-07 17:30 - 05409016 _____ (Canneverbe Limited ) C:\Users\Robin Gaudig_2\Downloads\cdbxp_setup_4.5.4.5306_minimal.exe 2015-03-07 10:33 - 2015-03-07 10:33 - 00000000 ____D () C:\Users\Robin Gaudig\AppData\Local\Google 2015-03-06 21:41 - 2015-03-06 21:41 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-06 21:41 - 2015-03-06 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-06 21:37 - 2015-03-11 20:59 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-06 21:37 - 2015-03-11 20:42 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-06 21:37 - 2015-03-06 21:41 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Local\Google 2015-03-06 21:37 - 2015-03-06 21:41 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-06 21:37 - 2015-03-06 21:37 - 00880208 _____ (Google Inc.) C:\Users\Robin Gaudig_2\Downloads\ChromeSetup.exe 2015-03-06 21:37 - 2015-03-06 21:37 - 00004122 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-06 21:37 - 2015-03-06 21:37 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-06 13:54 - 2015-03-06 13:54 - 00004486 _____ () C:\Users\Robin Gaudig_2\AppData\Local\recently-used.xbel 2015-03-05 17:39 - 2015-03-05 17:39 - 00000219 _____ () C:\Users\Robin Gaudig_2\Desktop\Portal.url 2015-03-05 15:52 - 2015-03-05 15:52 - 00000219 _____ () C:\Users\Robin Gaudig_2\Desktop\Half-Life 2.url 2015-03-03 20:46 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-03-03 20:46 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-03 20:46 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-03-03 20:46 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-03-02 17:49 - 2015-03-02 17:49 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-03-02 17:49 - 2015-03-02 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-03-02 17:49 - 2015-03-02 17:49 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-03-02 17:49 - 2015-03-02 17:49 - 00000000 ____D () C:\Program Files\iTunes 2015-03-02 17:49 - 2015-03-02 17:49 - 00000000 ____D () C:\Program Files\iPod 2015-03-02 17:49 - 2015-03-02 17:49 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-03-02 15:35 - 2015-03-02 15:35 - 00000000 ____D () C:\ProgramData\IHProtectUpDate 2015-03-02 15:34 - 2015-03-02 15:35 - 00000000 ____D () C:\Program Files (x86)\XTab 2015-03-02 15:32 - 2015-03-02 15:32 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2015-02-25 21:19 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 21:19 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-21 19:31 - 2015-02-21 19:31 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Local\Steam 2015-02-16 18:40 - 2015-02-16 18:40 - 00000222 _____ () C:\Users\Robin Gaudig_2\Desktop\The Forest.url 2015-02-16 15:22 - 2015-02-16 15:22 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\java 2015-02-16 15:19 - 2015-02-16 15:22 - 00000000 ____D () C:\Program Files (x86)\Minecraft 2015-02-16 15:19 - 2015-02-16 15:19 - 00000961 _____ () C:\Users\Public\Desktop\Minecraft.lnk 2015-02-16 15:19 - 2015-02-16 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2015-02-14 22:11 - 2015-02-14 22:11 - 00000000 ____D () C:\Users\Robin Gaudig_2\Desktop\StudioCollection_Vol1_-_PrimeLoops 2015-02-14 22:10 - 2015-02-14 22:10 - 00487967 ____T () C:\Users\Robin Gaudig_2\Desktop\Hozier - Take Me To Church.mp3.asd 2015-02-14 22:07 - 2013-06-02 11:29 - 1743328570 _____ () C:\Users\Robin Gaudig_2\Desktop\StudioCollection_Vol1_-_PrimeLoops.zip 2015-02-14 21:55 - 2014-11-06 10:58 - 18943704 _____ () C:\Users\Robin Gaudig_2\Desktop\Urban Synths.rar 2015-02-14 21:55 - 2014-11-06 10:57 - 23704247 _____ () C:\Users\Robin Gaudig_2\Desktop\R&B Keyz.rar 2015-02-14 21:55 - 2014-11-06 10:57 - 10869322 _____ () C:\Users\Robin Gaudig_2\Desktop\Acid Synths.rar 2015-02-14 21:51 - 2015-02-14 22:52 - 00000000 ____D () C:\Users\Robin Gaudig_2\Desktop\Dubstep Reaper 2015-02-14 21:51 - 2014-11-06 10:57 - 14120632 _____ () C:\Users\Robin Gaudig_2\Desktop\Dubstep Reaper.rar 2015-02-12 20:32 - 2015-02-12 20:32 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\8BitMMO 2015-02-12 20:17 - 2015-02-12 20:17 - 00000222 _____ () C:\Users\Robin Gaudig_2\Desktop\8BitMMO.url 2015-02-12 17:54 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 17:53 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 17:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 17:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 14:00 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 14:00 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 14:00 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 14:00 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 14:00 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 14:00 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 14:00 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 14:00 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 14:00 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 14:00 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 14:00 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 14:00 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 14:00 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 14:00 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 14:00 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 14:00 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 14:00 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 14:00 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 14:00 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 14:00 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 14:00 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 14:00 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 14:00 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 14:00 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 14:00 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 14:00 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 14:00 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 14:00 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 14:00 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 14:00 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 14:00 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 14:00 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 14:00 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 14:00 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 14:00 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 14:00 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 14:00 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 14:00 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 14:00 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 14:00 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 14:00 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 14:00 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 14:00 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 14:00 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 14:00 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 14:00 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 14:00 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 14:00 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 14:00 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 14:00 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 14:00 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 14:00 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 14:00 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 14:00 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 14:00 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 14:00 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 13:59 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 13:59 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 13:59 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 13:59 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 13:59 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 13:59 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 13:59 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 13:59 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 13:59 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 13:59 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 13:59 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 13:59 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 13:59 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 13:59 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 13:59 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 13:59 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 13:59 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 13:59 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 13:57 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 13:57 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 13:57 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 13:57 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 13:57 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 13:57 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 13:57 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 13:57 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 13:57 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 13:57 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 13:57 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 13:57 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 13:57 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 13:57 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 13:57 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 13:57 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 13:57 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 13:57 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 13:57 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 13:57 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 13:57 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 13:57 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 13:57 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 13:57 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 13:57 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-11 13:57 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-11 13:57 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-11 13:56 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 13:56 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 13:56 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 13:56 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 13:56 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 13:56 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 13:56 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 13:56 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 13:56 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 13:56 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-11 21:02 - 2014-06-20 19:16 - 01680313 _____ () C:\Windows\WindowsUpdate.log 2015-03-11 21:00 - 2014-06-20 20:22 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-11 20:59 - 2014-11-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-03-11 20:59 - 2014-09-22 17:55 - 00000105 _____ () C:\Windows\Brownie.ini 2015-03-11 20:59 - 2014-07-06 18:29 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\Spotify 2015-03-11 20:59 - 2014-06-20 19:42 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-11 20:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-11 20:59 - 2009-07-14 05:51 - 00097180 _____ () C:\Windows\setupact.log 2015-03-11 20:49 - 2014-10-09 20:49 - 00000225 _____ () C:\Users\Robin Gaudig_2\AppData\Roaming\WB.CFG 2015-03-11 20:49 - 2014-10-09 19:49 - 00000316 _____ () C:\Windows\Tasks\WSE_Astromenda.job 2015-03-11 20:30 - 2014-11-15 21:23 - 00000000 ____D () C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7 2015-03-11 20:15 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-11 20:15 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-11 20:07 - 2014-09-15 18:04 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Local\Adobe 2015-03-11 20:05 - 2014-06-28 11:05 - 00000312 _____ () C:\Windows\Tasks\Rocket Updater.job 2015-03-11 20:04 - 2014-06-28 11:04 - 00000312 _____ () C:\Windows\Tasks\AppCloudUpdater.job 2015-03-11 20:04 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-03-11 20:04 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-03-11 20:04 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-11 19:58 - 2014-07-06 18:32 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Local\Spotify 2015-03-10 21:47 - 2014-09-14 13:09 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\TS3Client 2015-03-10 15:20 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-09 20:01 - 2014-06-26 16:55 - 00001346 __RSH () C:\Users\Robin Gaudig_2\ntuser.pol 2015-03-09 20:01 - 2014-06-26 16:55 - 00000000 ____D () C:\Users\Robin Gaudig_2 2015-03-09 19:59 - 2014-06-21 18:14 - 00000000 ____D () C:\Users\Robin Gaudig\AppData\Roaming\Skype 2015-03-09 19:59 - 2014-06-20 19:17 - 00000000 ____D () C:\Users\Robin Gaudig 2015-03-09 17:55 - 2014-06-24 14:47 - 00182120 __RSH () C:\Users\Robin lernt\ntuser.pol 2015-03-09 17:55 - 2014-06-24 14:47 - 00000000 ____D () C:\Users\Robin lernt 2015-03-08 21:41 - 2014-06-27 16:06 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\Skype 2015-03-08 10:36 - 2014-10-09 17:23 - 00000000 ____D () C:\ProgramData\Origin 2015-03-07 17:15 - 2014-12-24 23:03 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\vlc 2015-03-07 16:19 - 2014-07-20 14:43 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Local\CrashDumps 2015-03-07 10:21 - 2010-11-21 04:47 - 00492774 _____ () C:\Windows\PFRO.log 2015-03-06 13:55 - 2014-06-27 15:12 - 00000000 ____D () C:\Users\Robin Gaudig_2\.gimp-2.8 2015-03-06 13:54 - 2014-06-27 15:20 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Local\gtk-2.0 2015-03-05 17:39 - 2014-06-30 19:43 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-03-04 20:58 - 2014-06-28 14:36 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\.minecraft 2015-03-04 18:01 - 2014-10-09 20:37 - 00000000 ___SD () C:\Users\Robin Gaudig_2\Documents\Meine Websites 2015-03-04 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-03-02 17:49 - 2014-10-02 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-03-02 17:49 - 2014-08-17 18:49 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-03-02 16:48 - 2014-10-13 19:14 - 00001160 _____ () C:\Users\Robin Gaudig_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-02 16:48 - 2014-10-13 19:07 - 00002116 _____ () C:\Users\Robin Gaudig_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2015-03-02 16:48 - 2014-06-20 19:50 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-02 16:48 - 2014-06-20 19:50 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-28 20:44 - 2014-06-21 18:14 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-28 20:44 - 2014-06-21 18:14 - 00000000 ____D () C:\ProgramData\Skype 2015-02-27 19:54 - 2014-09-12 19:06 - 00000000 ____D () C:\Program Files (x86)\Brick-Force 2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-22 11:05 - 2014-10-21 18:05 - 00000108 _____ () C:\Users\Robin Gaudig\AppData\Roaming\WB.CFG 2015-02-15 13:56 - 2015-01-02 18:28 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2015-02-14 23:29 - 2015-02-07 17:21 - 00000000 ____D () C:\Users\Robin Gaudig_2\Desktop\NI 2015-02-14 22:58 - 2015-02-07 17:21 - 00000000 ____D () C:\Users\Robin Gaudig_2\Documents\Native Instruments 2015-02-14 22:57 - 2015-02-01 20:20 - 00000000 ___RD () C:\Users\Robin Gaudig_2\Desktop\Nur so Project 2015-02-14 22:54 - 2015-01-31 13:48 - 00000000 ____D () C:\Users\Robin Gaudig_2\Desktop\k-391 2015-02-14 22:00 - 2015-01-25 13:03 - 00002461 _____ () C:\Users\Robin Gaudig_2\Desktop\GrooveLoad.lnk 2015-02-14 19:46 - 2014-06-24 10:25 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2015-02-14 19:40 - 2015-01-02 18:17 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-02-14 14:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-12 16:46 - 2014-12-17 20:09 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 16:46 - 2014-06-22 03:48 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 16:46 - 2009-07-14 05:45 - 00388000 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 16:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-02-11 21:05 - 2014-12-26 13:12 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-11 21:03 - 2014-07-02 06:32 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 21:01 - 2014-07-02 06:32 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-11 15:46 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-11 15:45 - 2014-11-28 19:40 - 00000000 ____D () C:\ProgramData\Electronic Arts 2015-02-11 14:06 - 2014-11-28 19:45 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-02-10 21:36 - 2014-10-09 17:35 - 00000000 ____D () C:\Users\Robin Gaudig_2\AppData\Roaming\Origin ==================== Files in the root of some directories ======= 2014-12-23 20:07 - 2014-12-25 19:48 - 0000097 _____ () C:\Users\Robin Gaudig_2\AppData\Roaming\LauncherSettings_live.cfg 2014-12-23 19:24 - 2014-12-23 19:24 - 0000039 _____ () C:\Users\Robin Gaudig_2\AppData\Roaming\TheHunterSettings_steam_live.cfg 2014-10-09 20:49 - 2015-03-11 20:49 - 0000225 _____ () C:\Users\Robin Gaudig_2\AppData\Roaming\WB.CFG 2014-10-11 10:49 - 2014-12-17 20:49 - 0000010 _____ () C:\Users\Robin Gaudig_2\AppData\Local\DSI.DAT 2014-12-17 20:49 - 2014-12-17 20:49 - 0022528 _____ () C:\Users\Robin Gaudig_2\AppData\Local\dsisetup12451992.exe 2014-12-02 17:49 - 2014-12-02 17:49 - 0022528 _____ () C:\Users\Robin Gaudig_2\AppData\Local\dsisetup17503782.exe 2014-11-22 16:49 - 2014-11-22 16:49 - 0022528 _____ () C:\Users\Robin Gaudig_2\AppData\Local\dsisetup20345492.exe 2015-03-06 13:54 - 2015-03-06 13:54 - 0004486 _____ () C:\Users\Robin Gaudig_2\AppData\Local\recently-used.xbel Some content of TEMP: ==================== C:\Users\Robin Gaudig\AppData\Local\Temp\APNSetup.exe C:\Users\Robin Gaudig\AppData\Local\Temp\IrsoDLL.dll C:\Users\Robin Gaudig\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Robin Gaudig\AppData\Local\Temp\res.dll C:\Users\Robin Gaudig\AppData\Local\Temp\SkypeSetup.exe C:\Users\Robin Gaudig\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_12327.exe C:\Users\Robin Gaudig_2\AppData\Local\Temp\63887uninstall.exe C:\Users\Robin Gaudig_2\AppData\Local\Temp\CmdLineExt.dll C:\Users\Robin Gaudig_2\AppData\Local\Temp\dsrsetup.exe C:\Users\Robin Gaudig_2\AppData\Local\Temp\f4f2a446-6cf6-458d-b85a-dcb16e8ac472.exe C:\Users\Robin Gaudig_2\AppData\Local\Temp\ICReinstall_CR_Downloader_fuer_resident-evil-2-(disc-1).exe C:\Users\Robin Gaudig_2\AppData\Local\Temp\ICReinstall_WindowsMovieMakerSetup.exe C:\Users\Robin Gaudig_2\AppData\Local\Temp\ins.exe C:\Users\Robin Gaudig_2\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.2-15-g66c314d-b3104jnks.dll C:\Users\Robin Gaudig_2\AppData\Local\Temp\optprosetup.exe C:\Users\Robin Gaudig_2\AppData\Local\Temp\readSTILog.dll C:\Users\Robin Gaudig_2\AppData\Local\Temp\res.dll C:\Users\Robin Gaudig_2\AppData\Local\Temp\SkypeSetup.exe C:\Users\Robin Gaudig_2\AppData\Local\Temp\_isD3B2.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-05 18:11 ==================== End Of Log ============================ Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Robin Gaudig_2 at 2015-03-11 21:03:38 Running from C:\Users\Robin Gaudig_2\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE) 8BitMMO (HKLM-x32\...\Steam App 250420) (Version: - Archive Entertainment) Ableton Live 8 (HKLM\...\{2255E38A-CFD5-4462-8EFC-DB9F1ADBACC1}) (Version: 8.0.0.0 - Ableton) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated) Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated) Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Any Video Converter 5.7.3 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AppSafe (HKLM-x32\...\AppSafe) (Version: 1 - AppSafe) <==== ATTENTION! Assassin's Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brick-Force (HKLM-x32\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 4.3.383.130.19 - Infernum Productions AG) Brother HL-3040CN (HKLM-x32\...\{C7E8EAE4-C501-49AF-A234-C88AB40AF3B1}) (Version: 1.00 - Brother) CadStd (HKLM-x32\...\CadStd) (Version: 3.7.5 - Apperson & Daughters) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Camtasia Studio 8 (HKLM-x32\...\{C4E35316-77F1-4EBD-9785-C72E55B1D219}) (Version: 8.4.2.1768 - TechSmith Corporation) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve) DDFCreator 2.2.1 (HKLM-x32\...\DDFCreator_2.2.1) (Version: 2.2.1 - DMXControl Projects e.V.) Defiance (HKLM-x32\...\Steam App 224600) (Version: - Trion Worlds, Inc.) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DMXControl 2.12.2 (HKLM-x32\...\DMXControl) (Version: 2.12.2 - PopSoft) Drakonia Configurator (HKLM-x32\...\{A7B243AA-6D4C-4575-A873-6F01A1EFC5E2}}_is1) (Version: - ) Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden English G 21 e-Workbook A4 (HKLM-x32\...\{AFD8C997-FE93-4C1C-A682-47B6C65F8417}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden FaceRig (HKLM-x32\...\Steam App 274920) (Version: - Holotech Studios) FileZilla Client 3.9.0.5 (HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve) Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.2.0.2042 - Infernum Productions AG) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat) iControls iMap V2.00 (HKLM-x32\...\iControls iMap V2.00) (Version: - ) icreativ 1.00 (HKLM-x32\...\icreativ 1.00) (Version: - ) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) iStage iMap V2.00 (HKLM-x32\...\iStage iMap V2.00) (Version: - ) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java SE Development Kit 7 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170600}) (Version: 1.7.0.600 - Oracle) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) Magic 3D Easy View (HKLM-x32\...\Magic 3D Easy View_is1) (Version: - Nicolaudie) Manga Studio Debut 4.0 (HKLM-x32\...\Manga Studio Debut 4.0) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version: - Native Instruments) Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version: - Native Instruments) Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version: - Native Instruments) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.4.199 - Native Instruments) Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments) Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.3.935 - Native Instruments) Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version: - Native Instruments) Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version: - Native Instruments) Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version: - Native Instruments) NetObjects Fusion 2013 (HKLM-x32\...\{61C5D98F-09AC-4409-A04E-865BEF2062C0}) (Version: 13.0 - NetObjects) NetObjects Fusion 2013 (x32 Version: 13.00.0000.5511 - NetObjects) Hidden NVIDIA 3D Vision Controller-Treiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.18 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation) NVIDIA Grafiktreiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) OMNITRONIC DDI 4x4 (HKLM\...\USB_AUDIO_DEusb-audio.deOT_DigitalDJ) (Version: - ) ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.) phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6) Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - ) PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.) ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH) SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden SiudiDriver Version 2.3 (HKLM\...\SiudiDriver_is1) (Version: 2.3 - LightingSoft AG) Skiller Pro Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) Startfenster (HKLM-x32\...\Startfenster) (Version: - Startfenster) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer) The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd) Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore) TP-LINK TL-WN725N_TL-WN723N Treiber (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK) TP-LINK-Konfigurationstool (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) Unity Web Player (HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6-3 - Wacom Technology Corp.) Warframe (HKLM-x32\...\{80C1A5AB-028A-4689-BE13-1123FF4E9B9D}) (Version: 1.0.0 - Digital Extremes) WebM Project Directshow Filters (HKU\S-1-5-21-25066539-1866889071-2790813578-1004\...\webmdshow) (Version: - ) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-25066539-1866889071-2790813578-1004_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) ==================== Restore Points ========================= 10-03-2015 15:26:19 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-08-04 18:40 - 2014-08-04 18:40 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activation.cloud.techsmith.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {107CE0B7-9C0B-43CE-83B7-1F384186AD0A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {9754A469-66F7-40B2-857C-8D042F2BC3B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {983CCC29-6452-4085-9EA5-7CBAC2A7B160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06] (Google Inc.) Task: {9D937991-BB5C-49CE-87B6-744E09E3CD9B} - System32\Tasks\AppCloudUpdater => C:\Users\Robin Gaudig\AppData\Roaming\AppCloudUpdater\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {A67C1E1C-1865-49ED-B411-A2B5FA717A00} - System32\Tasks\{4ADBE1E5-6F45-4304-B3A9-68F00FC96510} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe" -c /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA} Task: {AA41FA94-AE84-446B-979C-F05D489543B4} - System32\Tasks\AdobeAAMUpdater-1.0-Robin-Robin Gaudig_2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated) Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe Task: {E2914127-DA44-440C-8391-9CC8F875EF92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06] (Google Inc.) Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe Task: {EE50C1C3-AA65-410A-833F-C150EE83C471} - System32\Tasks\WSE_Astromenda => C:\Users\Robin Gaudig_2\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-12-17] () <==== ATTENTION Task: {F6915A09-4FC3-42A3-A2D5-9C8850319D4A} - System32\Tasks\Rocket Updater => C:\Users\Robin Gaudig\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\ROBING~1\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\ROBING~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\ROBING~2\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2014-06-20 19:41 - 2013-05-12 21:34 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-11-15 19:34 - 2015-03-11 20:30 - 00123632 _____ () C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-12-24 20:39 - 2013-12-18 18:21 - 05147248 _____ () C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe 2014-10-12 18:12 - 2013-01-10 18:09 - 00848384 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe 2015-01-13 21:05 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Skiller Pro\Monitor.EXE 2015-01-13 21:22 - 2012-06-07 10:24 - 00246784 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2015-01-13 21:22 - 2012-03-05 13:46 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2015-01-13 21:29 - 2013-06-06 03:09 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll 2014-12-24 20:39 - 2013-05-06 15:42 - 00118272 _____ () C:\Program Files (x86)\ROCCAT\Power-Grid\quazip.dll 2014-12-25 18:44 - 2015-02-27 17:49 - 00045568 _____ () C:\Program Files (x86)\Steam\steamapps\common\FaceRig\Bin\FaceRigVirtualCam32.ax 2014-10-12 18:12 - 2012-12-14 09:52 - 01401856 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\nicLan.dll 2014-10-12 18:12 - 2013-01-10 18:16 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\DC_WFF.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2015-01-13 21:05 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\Skiller Pro\lan.dll 2015-01-13 21:05 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\Skiller Pro\hiddriver.dll 2015-01-13 21:22 - 2011-11-22 14:18 - 00061440 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2015-03-06 21:41 - 2015-02-28 02:56 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libglesv2.dll 2015-03-06 21:41 - 2015-02-28 02:56 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libegl.dll 2015-03-06 21:41 - 2015-02-28 02:56 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\pdf.dll 2015-01-13 21:22 - 2011-11-22 14:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll 2015-01-28 20:27 - 2015-01-28 20:27 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-25066539-1866889071-2790813578-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Robin Gaudig_2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-25066539-1866889071-2790813578-500 - Administrator - Disabled) Gast (S-1-5-21-25066539-1866889071-2790813578-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-25066539-1866889071-2790813578-1002 - Limited - Enabled) Robin Gaudig (S-1-5-21-25066539-1866889071-2790813578-1000 - Administrator - Enabled) => C:\Users\Robin Gaudig Robin Gaudig_2 (S-1-5-21-25066539-1866889071-2790813578-1004 - Administrator - Enabled) => C:\Users\Robin Gaudig_2 Robin lernt (S-1-5-21-25066539-1866889071-2790813578-1003 - Limited - Enabled) => C:\Users\Robin lernt ==================== Faulty Device Manager Devices ============= Name: TP-LINK Wireless USB Adapter Description: TP-LINK Wireless USB Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TP-LINK TECHNOLOGIES CO. Service: RtlWlanu Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: AODDriver4.2 Description: AODDriver4.2 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AODDriver4.2 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (03/11/2015 09:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2015 08:59:21 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/11/2015 07:59:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2015 07:58:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/10/2015 03:22:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/10/2015 03:20:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 06:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 06:17:32 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 02:15:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 02:13:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) System errors: ============= Error: (03/11/2015 08:59:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/11/2015 08:59:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/11/2015 07:58:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/11/2015 07:57:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/10/2015 03:20:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/10/2015 03:20:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/09/2015 07:59:12 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Robin) Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LocalGPO-S-1-5-21-25066539-1866889071-2790813578-1000" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden. Error: (03/09/2015 06:30:01 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Robin) Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LocalGPO-S-1-5-21-25066539-1866889071-2790813578-1000" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden. Error: (03/09/2015 06:17:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/09/2015 06:17:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Microsoft Office Sessions: ========================= Error: (03/11/2015 09:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2015 08:59:21 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/11/2015 07:59:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/11/2015 07:58:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/10/2015 03:22:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/10/2015 03:20:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 06:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 06:17:32 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 02:15:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 02:13:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 250 Processor Percentage of memory in use: 24% Total physical RAM: 8189.55 MB Available physical RAM: 6157.1 MB Total Pagefile: 16377.3 MB Available Pagefile: 14117.22 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:16.01 GB) NTFS Drive d: () (Fixed) (Total:128 GB) (Free:122.51 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 444C544E) No partition Table on disk 0. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 9B61EAAA) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
|
11.03.2015, 21:16
| #2 | |
| /// the machine /// TB-Ausbilder    | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? hi,
__________________Zitat:
__________________ |
|
11.03.2015, 21:20
| #3 | |
| > MalwareDB | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner?Zitat:
__________________ |
|
12.03.2015, 11:55
| #4 |
| /// the machine /// TB-Ausbilder | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? dann gehts erst weiter wenn das entfernt wurde 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.03.2015, 15:46
| #5 |
| | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? Hey Schrauber, Es ist so: Es war ein Key Unlocker Trojaner und ein Password wurde gehackt, Ich hbae meine Ganzen Gegenstände verlohren aber dann durch die Steamapp das Passort wieder zurücksetzen können, die Sachen im wert von ca. 30€ sind weg aber die Spiele sind noch da, wenn du mir jedoch helfen kannst bitte sag mir wie ich prüfen kann ob der Trojaner noch existiert, danke |
|
12.03.2015, 15:53
| #6 |
| | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? Hier ist der Trojaner in einem Ziparchiv: Anhang entfernt //cosinus Geändert von cosinus (12.03.2015 um 16:18 Uhr) |
|
12.03.2015, 16:07
| #7 |
| > MalwareDB | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? Datei bitte löschen! https://www.virustotal.com/de/file/1...is/1426172542/
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
|
12.03.2015, 16:11
| #8 |
| | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? Hey BataAlexander, Meinst du aus dem Forum oder von meinem PC? Wenn aus dem Forum sag mir bitte wie, ich bin neu hier  |
|
12.03.2015, 16:33
| #9 | |
| > MalwareDB | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner?Zitat:
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
|
12.03.2015, 17:00
| #10 |
| | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? Hey BataAlexander, Ich habe nichtmal Camtasia Studio 8, ich hate mal die Testversion mehr nicht, Ich benutze seit längerem Premiere. Könnt ihr mir sagen wo dieses Camtasia liegen soll, danke Ach ok, habs gefunden und entfernt... Danke fürs Bescheid sagen, wusste nichtmal dass das existiert. Und das ich das mal gecrackt hatte. Muss schon lange her sein. |
|
13.03.2015, 09:17
| #11 |
| /// the machine /// TB-Ausbilder | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.03.2015, 14:44
| #12 |
| | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? Hey Schrauber... Danke für die hilfe, hat sich gekährt hab Prof Hilfe bekommen. Trotzdem danke, falls es malwieder probleme gibt melde ich mich hier |
|
13.03.2015, 17:56
| #13 |
| /// the machine /// TB-Ausbilder | Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? ok.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner? |
| adware, bluestacks, bonjour, browser, converter, downloader, error, failed, fehler, firefox, flash player, ftp, google, homepage, mozilla, newtab, realtek, registry, rundll, secur, security, software, svchost.exe, system, tablet, teredo, trojaner, trojaner?, windows |
Linear-Darstellung
