| Various Trojans detected after a failed Firefox launch. FRST: Quote:
scan result of farbar recovery scan tool (frst.txt) (x64) version: 05-08-2014
ran by florian (administrator) on flospc on 06-08-2014 14:49:44
running from c:\users\florian\downloads
platform: Windows 8 (x64) os language: Deutsch (deutschland)
internet explorer version 10
boot mode: Normal
the only official download link for frst:
Download link for 32-bit version: Http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
download link for 64-bit version: Http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
download link from any site other than bleeping computer is unpermitted or outdated.
See tutorial for frst: Http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== processes (whitelisted) =================
(if an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(amd) c:\windows\system32\atiesrxx.exe
(realtek semiconductor) c:\program files\realtek\audio\hda\rtkaudioservice64.exe
() c:\program files (x86)\toshiba\password utility\gfnexsrv.exe
(avira operations gmbh & co. Kg) c:\program files (x86)\avira\antivir desktop\sched.exe
(avira operations gmbh & co. Kg) c:\program files (x86)\avira\antivir desktop\avguard.exe
(intel(r) corporation) c:\program files\intel\icls client\heciserver.exe
(microsoft corporation) c:\windows\system32\dashost.exe
(intel corporation) c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
() c:\windows\syswow64\pnkbstra.exe
(toshiba corporation) c:\windows\system32\toddsrv.exe
(avira operations gmbh & co. Kg) c:\program files (x86)\avira\antivir desktop\avshadow.exe
(intel corporation) c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
(intel corporation) c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
(nero ag) c:\program files (x86)\nero\update\nasvc.exe
(intel corporation) c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
(toshiba corporation) c:\program files\toshiba\tphm\tpchsrv.exe
(tuneup software) c:\program files (x86)\tuneup utilities 2014\tuneuputilitiesservice64.exe
(amd) c:\windows\system32\atieclxx.exe
(realtek semiconductor) c:\program files\realtek\audio\hda\ravbg64.exe
(tuneup software) c:\program files (x86)\tuneup utilities 2014\tuneuputilitiesapp64.exe
(ivosoft) c:\program files\classic shell\classicstartmenu.exe
(toshiba corporation) c:\program files (x86)\toshiba\system setting\tsleepsrv.exe
(toshiba corporation) c:\program files\toshiba\tphm\tpchwmsg.exe
(srs labs, inc.) c:\program files\srs labs\srs control panel\srspanel_64.exe
(synaptics incorporated) c:\program files\synaptics\syntp\syntpenh.exe
(synaptics incorporated) c:\program files\synaptics\syntp\syntphelper.exe
(realtek semiconductor) c:\program files\realtek\audio\hda\ravcpl64.exe
(valve corporation) c:\program files (x86)\steam\steam.exe
(amd) c:\program files (x86)\ati technologies\hydravision\hydradm.exe
(amd) c:\program files (x86)\ati technologies\hydravision\hydradm64.exe
(intel corporation) c:\program files (x86)\intel\intelappstore\bin\ismagent.exe
(avira operations gmbh & co. Kg) c:\program files (x86)\avira\antivir desktop\avgnt.exe
(advanced micro devices inc.) c:\program files (x86)\ati technologies\ati.ace\core-static\mom.exe
(ati technologies inc.) c:\program files (x86)\ati technologies\ati.ace\core-static\ccc.exe
(valve corporation) c:\program files (x86)\common files\steam\steamservice.exe
(microsoft corporation) c:\program files\internet explorer\iexplore.exe
(adobe systems incorporated) c:\windows\system32\macromed\flash\flashutil_activex.exe
(openoffice.org) c:\program files (x86)\openoffice.org 3\program\soffice.exe
(openoffice.org) c:\program files (x86)\openoffice.org 3\program\soffice.bin
==================== registry (whitelisted) ==================
(if an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
hklm\...\run: [] => [x]
hklm\...\run: [tcrdmain] => c:\program files\toshiba\hotkey\tcrdmain_win8.exe [2611112 2012-09-05] ()
hklm\...\run: [tsleepsrv] => c:\program files (x86)\toshiba\system setting\tsleepsrv.exe [1548952 2012-08-05] (toshiba corporation)
hklm\...\run: [toddmain] => c:\program files (x86)\toshiba\system setting\toddmain.exe [213136 2012-08-05] ()
hklm\...\run: [tecoresident] => c:\program files\toshiba\teco\tecoresident.exe [169896 2012-08-14] (toshiba corporation)
hklm\...\run: [toswaitsrv] => c:\program files\toshiba\tphm\toswaitsrv.exe [356776 2012-07-11] (toshiba corporation)
hklm\...\run: [srs premium sound hd] => c:\program files\srs labs\srs control panel\srspanel_64.exe [2170784 2012-08-20] (srs labs, inc.)
hklm\...\run: [syntpenh] => c:\program files\synaptics\syntp\syntpenh.exe [2916152 2012-08-18] (synaptics incorporated)
hklm\...\run: [rthdvcpl] => c:\program files\realtek\audio\hda\ravcpl64.exe [13662936 2000-01-01] (realtek semiconductor)
hklm\...\run: [classic start menu] => c:\program files\classic shell\classicstartmenu.exe [161984 2014-04-20] (ivosoft)
hklm-x32\...\run: [intel appup(sm) center] => c:\program files (x86)\intel\intelappstore\bin\ismagent.exe [155488 2012-08-02] (intel corporation)
hklm-x32\...\run: [tpureg] => c:\program files (x86)\toshiba\password utility\tospu.exe [7148032 2012-10-31] (pegatron corporation)
hklm-x32\...\run: [avgnt] => c:\program files (x86)\avira\antivir desktop\avgnt.exe [750160 2014-07-03] (avira operations gmbh & co. Kg)
hklm-x32\...\run: [sunjavaupdatesched] => c:\program files (x86)\common files\java\java update\jusched.exe [254336 2013-07-02] (oracle corporation)
hklm-x32\...\run: [startccc] => c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe [767200 2014-04-17] (advanced micro devices, inc.)
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\run: [steam] => c:\program files (x86)\steam\steam.exe [1753280 2014-07-16] (valve corporation)
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\run: [daemon tools lite] => c:\program files (x86)\daemon tools lite\dtlite.exe [3672640 2013-03-14] (disc soft ltd)
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\run: [eadm] => c:\program files (x86)\origin\origin.exe [3595608 2014-07-31] (electronic arts)
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\run: [raptr] => c:\program files (x86)\raptr\raptrstub.exe [55360 2014-06-24] (raptr, inc)
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\run: [hydravisiondesktopmanager] => c:\program files (x86)\ati technologies\hydravision\hydradm.exe [1967616 2014-04-17] (amd)
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\policies\explorer\disallowrun: [1] firefox.exe
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\policies\explorer: [norecentdocshistory] 1
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\policies\explorer: [norecentdocsmenu] 1
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\policies\explorer: [disallowrun] 1
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\mountpoints2: {33f21196-92ce-11e2-be79-c0d962307ac3} - "e:\setup_populous_the_beginning_2.0.0.5.exe"
hku\s-1-5-21-2417515031-4054562374-1906131541-1001\...\mountpoints2: {dd487c71-92e4-11e2-be7b-c0d962307ac3} - "f:\startclickfreebackup.exe"
ifeo\tecoresident.exe: [debugger] "c:\program files (x86)\tuneup utilities 2014\tuautoreactivator64.exe"
startup: C:\users\florian\appdata\roaming\microsoft\windows\start menu\programs\startup\openoffice.org 3.4.1.lnk
shortcuttarget: Openoffice.org 3.4.1.lnk -> c:\program files (x86)\openoffice.org 3\program\quickstart.exe ()
shelliconoverlayidentifiers: Shareoverlay -> {594d4122-1f87-41e2-96c7-825fb4796516} => c:\program files\classic shell\classicexplorer64.dll (ivosoft)
shelliconoverlayidentifiers-x32: Shareoverlay -> {594d4122-1f87-41e2-96c7-825fb4796516} => c:\program files\classic shell\classicexplorer32.dll (ivosoft)
==================== internet (whitelisted) ====================
(if an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
hkcu\software\microsoft\internet explorer\main,start page = hxxp://toshiba13.msn.com
hkcu\software\microsoft\internet explorer\main,default_page_url = hxxp://toshiba13.msn.com
searchscopes: Hklm - defaultscope {32d4b220-d76a-4a0f-92f5-28e71dc544d8} url = hxxp://www.bing.com/search?q={searchterms}&form=ie10tr&src=ie10tr&pc=matmjs
searchscopes: Hklm - {32d4b220-d76a-4a0f-92f5-28e71dc544d8} url = hxxp://www.bing.com/search?q={searchterms}&form=ie10tr&src=ie10tr&pc=matmjs
searchscopes: Hklm-x32 - defaultscope value is missing.
Searchscopes: Hklm-x32 - {32d4b220-d76a-4a0f-92f5-28e71dc544d8} url = hxxp://www.bing.com/search?q={searchterms}&form=ie10tr&src=ie10tr&pc=matmjs
searchscopes: Hkcu - defaultscope {32d4b220-d76a-4a0f-92f5-28e71dc544d8} url =
searchscopes: Hkcu - {32d4b220-d76a-4a0f-92f5-28e71dc544d8} url =
searchscopes: Hkcu - {e044431c-3b18-4337-82be-790eacec6a1a} url = hxxp://www.mysearchresults.com/search?c=4005&t=14&q={searchterms}
bho: Explorerbho class -> {449d0d6e-2412-4e61-b68f-1cb625cd9e52} -> c:\program files\classic shell\classicexplorer64.dll (ivosoft)
bho-x32: Explorerbho class -> {449d0d6e-2412-4e61-b68f-1cb625cd9e52} -> c:\program files\classic shell\classicexplorer32.dll (ivosoft)
bho-x32: Java(tm) plug-in ssv helper -> {761497bb-d6f0-462c-b6eb-d4daf1d92d43} -> c:\program files (x86)\java\jre7\bin\ssv.dll (oracle corporation)
bho-x32: Java(tm) plug-in 2 ssv helper -> {dbc80044-a445-435b-bc74-9c25c1c588a9} -> c:\program files (x86)\java\jre7\bin\jp2ssv.dll (oracle corporation)
toolbar: Hklm - classic explorer bar - {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\classicexplorer64.dll (ivosoft)
toolbar: Hklm-x32 - classic explorer bar - {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\classicexplorer32.dll (ivosoft)
tcpip\parameters: [dhcpnameserver] 192.168.178.1
firefox:
========
ff profilepath: C:\users\florian\appdata\roaming\mozilla\firefox\profiles\cxk11ib2.default
ff homepage: Google.de
ff networkproxy: "autoconfig_url", "data:text/javascript,function%20findproxyforurl(url%2c%20host)%20%7bif%20(shexpmatch(url%2c%20'http%3a%2f%2fgrooveshark.com*')%20%7c%7c%20shexpmatch(url%2c%20'h ttp%3a%2f%2fretro.grooveshark.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fhtml5.grooveshark.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f% 2flisten.grooveshark.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fwww.grooveshark.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fpreview.g rooveshark.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fplay.spotify.com*')%20%7c%7c%20shexpmatch(url%2c%20'https%3a%2f%2fplay.spotify.com*')%2 0%7c%7c%20shexpmatch(url%2c%20'https%3a%2f%2fwww.spotify.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fwww.spotify.com*')%20%7c%7c%20url.indexof ('play.google.com')%20!%3d%20-1%20%7c%7c%20(url.indexof('youtube.com%2fvideoplayback')%20!%3d%20-1%20%26%26%20url.indexof('%26gcr%3dus')%20!%3d%20-1%20%26%26%20url.indexof('%26ptchn')%20!%3d%20-1)%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fwww.crunchyroll.com*')%20%7c%7c%20(url.indexof('proxmate%3dactive')%20!%3d%20-1%20%26%26%20url.indexof('amazonaws.com')%20%3d%3d%20-1)%20%7c%7c%20(url.indexof('proxmate%3dus')%20!%3d%20-1)%20%7c%7c%20host%20%3d%3d%20's.hulu.com'%20%7c%7c%20shexpmatch(url%2c%20'https%3a%2f%2fwww.daisuki.net*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f %2fsongza.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fnew.songza.com*')%20%7c%7c%20host%20%3d%3d%20'www.pandora.com'%20%7c%7c%20url.indexof('v evo.com')%20!%3d%20-1%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fwww.mtv.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fmedia.mtvnservices.com*')%20%7c%7c%20shexpm atch(url%2c%20'http%3a%2f%2fpiki.fm*')%20%7c%7c%20shexpmatch(url%2c%20'https%3a%2f%2fpiki.fm*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fwww.ihear 
t.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fwww.rdio.com*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fwww.funimation.com*')%20%7c%7c%20sh expmatch(url%2c%20'https%3a%2f%2fsecure.funimation.com*')%20%7c%7c%20shexpmatch(url%2c%20'https%3a%2f%2faccount.beatsmusic.com*')%20%7c%7c%20shexpmatc h(url%2c%20'http%3a%2f%2fwww.beatsmusic.com*')%20%7c%7c%20url.indexof('discoverymedia.com')%20!%3d%20-1%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fdsc.discovery.com%2f*')%20%7c%7c%20url.indexof('southparkstudios.com')%20!%3d%20-1%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fwww.last.fm*')%20%7c%7c%20shexpmatch(url%2c%20'http%3a%2f%2fext.last.fm*'))%20%7b%20return%20'proxy%20u s07.sq.proxmate.me%3a8000%3b%20proxy%20us05.sq.proxmate.me%3a8000%3b%20proxy%20us02.sq.proxmate.me%3a8000%3b%20proxy%20us08.sq.proxmate.me%3a8000%3b%2 0proxy%20us10.sq.proxmate.me%3a8000%3b%20proxy%20us11.sq.proxmate.me%3a8000%3b%20proxy%20us09.sq.proxmate.me%3a8000%3b%20proxy%20us03.sq.proxmate.me%3 a8000%3b%20proxy%20us06.sq.proxmate.me%3a8000%3b%20proxy%20us04.sq.proxmate.me%3a8000%3b%20proxy%20us01.sq.proxmate.me%3a8000'%3b%7d%20%20else%20%7b%2 0return%20'direct'%3b%20%7d%7d"
ff networkproxy: "type", 2
ff plugin: @adobe.com/flashplayer -> c:\windows\system32\macromed\flash\npswf64_14_0_0_145.dll ()
ff plugin-x32: @adobe.com/flashplayer -> c:\windows\syswow64\macromed\flash\npswf32_14_0_0_145.dll ()
ff plugin-x32: @esn.me/esnsonar,version=0.70.4 -> c:\program files (x86)\battlelog web plugins\sonar\0.70.4\npesnsonar.dll (esn social software ab)
ff plugin-x32: @esn/npbattlelog,version=2.3.2 -> c:\program files (x86)\battlelog web plugins\2.3.2\npbattlelog.dll (ea digital illusions ce ab)
ff plugin-x32: @intel-webapi.intel.com/intel webapi ipt;version=2.1.42 -> c:\program files (x86)\intel\intel(r) management engine components\ipt\npintelwebapiipt.dll (intel corporation)
ff plugin-x32: @intel-webapi.intel.com/intel webapi updater -> c:\program files (x86)\intel\intel(r) management engine components\ipt\npintelwebapiupdater.dll (intel corporation)
ff plugin-x32: @java.com/dtplugin,version=10.51.2 -> c:\program files (x86)\java\jre7\bin\dtplugin\npdeployjava1.dll (oracle corporation)
ff plugin-x32: @java.com/javaplugin,version=10.51.2 -> c:\program files (x86)\java\jre7\bin\plugin2\npjp2.dll (oracle corporation)
ff plugin-x32: @nero.com/km -> c:\progra~2\common~1\nero\browse~1\npbrow~1.dll (nero ag)
ff plugin hkcu: Ubisoft.com/uplaypc - c:\program files (x86)\ubisoft\ubisoft game launcher\npuplaypc.dll ()
ff user.js: Detected! => c:\users\florian\appdata\roaming\mozilla\firefox\profiles\cxk11ib2.default\user.js
ff searchplugin: C:\program files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
ff searchplugin: C:\program files (x86)\mozilla firefox\browser\searchplugins\ebay-de.xml
ff searchplugin: C:\program files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
ff searchplugin: C:\program files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
ff extension: Proxmate - proxy on steroids! - c:\users\florian\appdata\roaming\mozilla\firefox\profiles\cxk11ib2.default\extensions\jid1-qphd8urtzwjc2a@jetpack.xpi [2013-03-24]
ff extension: Adblock plus - c:\users\florian\appdata\roaming\mozilla\firefox\profiles\cxk11ib2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-10]
ff hklm-x32\...\thunderbird\extensions: [msktbird@mcafee.com] - c:\program files\mcafee\msk
chrome:
=======
chr hklm-x32\...\chrome\extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - c:\users\florian\chromeextensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-05]
==================== services (whitelisted) =================
(if an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
r2 antivirschedulerservice; c:\program files (x86)\avira\antivir desktop\sched.exe [430160 2014-07-03] (avira operations gmbh & co. Kg)
r2 antivirservice; c:\program files (x86)\avira\antivir desktop\avguard.exe [430160 2014-07-03] (avira operations gmbh & co. Kg)
r2 gfnexsrv; c:\program files (x86)\toshiba\password utility\gfnexsrv.exe [156672 2011-10-14] () [file not signed]
r2 intel(r) me service; c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe [129856 2012-06-27] (intel corporation)
r2 jhi_service; c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe [166720 2012-06-25] (intel corporation)
r2 pnkbstra; c:\windows\syswow64\pnkbstra.exe [76888 2013-10-01] ()
r2 rtkaudioservice; c:\program files\realtek\audio\hda\rtkaudioservice64.exe [289496 2000-01-01] (realtek semiconductor)
s3 tempromonitoringservice; c:\program files (x86)\toshiba tempro\temprosvc.exe [114656 2012-09-25] (toshiba europe gmbh)
r2 tuneup.utilitiessvc; c:\program files (x86)\tuneup utilities 2014\tuneuputilitiesservice64.exe [2145080 2014-07-16] (tuneup software)
s3 windefend; c:\program files\windows defender\msmpeng.exe [16056 2014-03-29] (microsoft corporation)
==================== drivers (whitelisted) ====================
(if an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
s0 amdkmafd; c:\windows\system32\drivers\amdkmafd.sys [21160 2012-09-23] (advanced micro devices, inc.)
r3 atihdaudioservice; c:\windows\system32\drivers\atihdw86.sys [215040 2013-12-19] (advanced micro devices)
r2 atksgt; c:\windows\system32\drivers\atksgt.sys [314016 2013-04-21] ()
r2 avgntflt; c:\windows\system32\drivers\avgntflt.sys [117712 2014-07-03] (avira operations gmbh & co. Kg)
r1 avipbb; c:\windows\system32\drivers\avipbb.sys [130584 2014-06-03] (avira operations gmbh & co. Kg)
r1 avkmgr; c:\windows\system32\drivers\avkmgr.sys [28600 2013-10-07] (avira operations gmbh & co. Kg)
r3 bthleenum; c:\windows\system32\drivers\bthleenum.sys [202752 2012-07-26] (microsoft corporation)
r1 dtsoftbus01; c:\windows\system32\drivers\dtsoftbus01.sys [283200 2013-03-22] (dt soft ltd)
r2 lirsgt; c:\windows\system32\drivers\lirsgt.sys [43680 2013-04-21] ()
r2 pegagfn; c:\program files (x86)\toshiba\password utility\pegagfn.sys [14344 2009-09-12] (pegatron)
s3 rtl8192ce; c:\windows\system32\drivers\rtwlane.sys [1119232 2012-06-30] (realtek semiconductor corporation )
s3 swdumon; c:\windows\system32\drivers\swdumon.sys [16152 2014-01-26] ()
r3 thotkey; c:\windows\system32\drivers\thotkey.sys [28632 2012-07-31] (windows (r) win 7 ddk provider)
r3 tuneuputilitiesdrv; c:\program files (x86)\tuneup utilities 2014\tuneuputilitiesdriver64.sys [14112 2013-08-21] (tuneup software)
s3 cpuz135; \??\c:\program files (x86)\cpuid\pc wizard 2012\pcwiz_x64.sys [x]
s3 smbdrvi; \systemroot\system32\drivers\smb_driver_intel.sys [x]
==================== netsvcs (whitelisted) ===================
(if an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== one month created files and folders ========
(if an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 14:49 - 2014-08-06 14:49 - 02094080 _____ (farbar) c:\users\florian\downloads\frst64.exe
2014-08-06 14:49 - 2014-08-06 14:49 - 00019256 _____ () c:\users\florian\downloads\frst.txt
2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 ____d () c:\frst
2014-08-05 22:36 - 2014-08-06 14:47 - 00050687 _____ () c:\windows\windowsupdate.log
2014-08-05 21:39 - 2014-08-05 21:39 - 02623656 _____ (vs revo group ltd.) c:\users\florian\downloads\revosetup95.exe
2014-08-05 21:39 - 2014-08-05 21:39 - 00001239 _____ () c:\users\florian\desktop\revo uninstaller.lnk
2014-08-05 21:39 - 2014-08-05 21:39 - 00000000 ____d () c:\program files (x86)\vs revo group
2014-08-05 17:56 - 2014-08-06 14:05 - 00122584 _____ (malwarebytes corporation) c:\windows\system32\drivers\mbamswissarmy.sys
2014-08-05 17:56 - 2014-08-05 17:56 - 00001077 _____ () c:\users\public\desktop\ malwarebytes anti-malware .lnk
2014-08-05 17:56 - 2014-08-05 17:56 - 00000000 ____d () c:\programdata\microsoft\windows\start menu\programs\ malwarebytes anti-malware
2014-08-05 17:56 - 2014-08-05 17:56 - 00000000 ____d () c:\programdata\malwarebytes
2014-08-05 17:56 - 2014-08-05 17:56 - 00000000 ____d () c:\program files (x86)\ malwarebytes anti-malware
2014-08-05 17:56 - 2014-05-12 07:26 - 00091352 _____ (malwarebytes corporation) c:\windows\system32\drivers\mbamchameleon.sys
2014-08-05 17:56 - 2014-05-12 07:26 - 00064216 _____ (malwarebytes corporation) c:\windows\system32\drivers\mwac.sys
2014-08-05 17:56 - 2014-05-12 07:25 - 00025816 _____ (malwarebytes corporation) c:\windows\system32\drivers\mbam.sys
2014-08-05 17:55 - 2014-08-05 17:55 - 17292760 _____ (malwarebytes corporation ) c:\users\florian\downloads\mbam-setup-2.0.2.1012.exe
2014-08-05 17:42 - 2014-08-05 17:42 - 00000000 ____d () c:\users\florian\appdata\local\temp7d0baba979668711c4bf61f16f89c15b
2014-08-05 17:39 - 2014-08-05 17:39 - 00000000 ____d () c:\users\florian\chromeextensions
2014-08-05 17:39 - 2014-08-05 17:39 - 00000000 ____d () c:\users\florian\appdata\local\temp5c615c6bee14695db731840470ca3ff2
2014-08-01 18:38 - 2014-04-09 02:08 - 00000000 ____d () c:\users\florian\downloads\00.schneider.im.wendekreis.der.eidechse.german.2013.ac3.dvdrip.x264-xf
2014-08-01 17:27 - 2014-08-01 17:27 - 00000000 ____d () c:\program files (x86)\mozilla firefox
2014-07-27 18:22 - 2014-08-06 14:47 - 00000000 ____d () c:\programdata\microsoft\windows\start menu\programs\bullfrog
2014-07-27 18:22 - 2014-07-27 18:22 - 00000000 ____d () c:\users\florian\appdata\roaming\microsoft\windows\start menu\programs\bullfrog
2014-07-27 18:14 - 2014-07-27 18:14 - 00000000 ____d () c:\users\florian\downloads\populous.the.beginning.v2.0.0.5.gog.classic-g3l
2014-07-24 21:24 - 2014-07-24 21:25 - 00000000 ____d () c:\users\florian\downloads\legend
2014-07-19 23:29 - 2014-07-19 23:31 - 00000000 ____d () c:\programdata\microsoft\windows\start menu\programs\heroes of might and magic v - tribes of the east
2014-07-19 23:28 - 2014-07-19 23:28 - 00000001 _____ () c:\windows\syswow64\si.bin
2014-07-19 23:27 - 1998-10-29 16:45 - 00306688 _____ (installshield software corporation) c:\windows\isuninst.exe
2014-07-19 22:34 - 2014-07-19 22:54 - 00000000 ____d () c:\users\florian\downloads\heroes.of.might.and.magic.complete.edtion.retail.iso-rain
2014-07-18 19:22 - 2014-07-18 19:23 - 00307904 _____ () c:\windows\system32\fntcache.dat
2014-07-12 21:35 - 2013-10-07 07:47 - 00000000 ____d () c:\users\florian\downloads\zurueck.in.die.zukunft.1985.ac3.german.bdrip.x264-nostalgie
2014-07-12 20:00 - 2014-07-12 20:00 - 00000000 ____d () c:\users\florian\appdata\local\capcom
2014-07-12 19:53 - 2014-07-12 19:53 - 00000000 ____d () c:\users\florian\appdata\local\flt
2014-07-12 19:53 - 2014-07-12 19:53 - 00000000 ____d () c:\programdata\microsoft\windows\start menu\programs\resident evil revelations
2014-07-12 19:35 - 2013-05-23 17:38 - 00000094 _____ () c:\users\florian\downloads\raf-rer.md5
2014-07-12 19:32 - 2013-05-23 17:36 - 2727968768 _____ () c:\users\florian\downloads\raf-rer.iso
2014-07-12 17:33 - 2014-07-12 17:33 - 00000000 ____d () c:\users\florian\downloads\zurueck.in.die.zukunft.2.german.1989.ac3.dvdrip.xvid.internal-cia
2014-07-12 16:20 - 2013-09-07 00:21 - 00000000 ____d () c:\users\florian\downloads\werner eiskalt
2014-07-08 19:33 - 2014-06-18 01:27 - 01440256 _____ (microsoft corporation) c:\windows\syswow64\osk.exe
2014-07-08 19:33 - 2014-06-18 01:24 - 01557504 _____ (microsoft corporation) c:\windows\system32\osk.exe
2014-07-08 19:33 - 2014-06-11 06:18 - 04038144 _____ (microsoft corporation) c:\windows\system32\win32k.sys
2014-07-08 19:33 - 2014-06-03 00:33 - 00265216 _____ (microsoft corporation) c:\windows\system32\inked.dll
2014-07-08 19:33 - 2014-05-30 01:31 - 00452608 _____ (microsoft corporation) c:\windows\syswow64\shcore.dll
2014-07-08 19:33 - 2014-05-30 01:03 - 00588288 _____ (microsoft corporation) c:\windows\system32\shcore.dll
2014-07-08 19:33 - 2014-05-30 01:02 - 01281536 _____ (microsoft corporation) c:\windows\system32\lsasrv.dll
2014-07-08 19:33 - 2014-05-30 01:02 - 00439808 _____ (microsoft corporation) c:\windows\system32\lsm.dll
2014-07-08 19:33 - 2014-05-03 08:34 - 06974808 _____ (microsoft corporation) c:\windows\system32\ntoskrnl.exe
2014-07-08 19:33 - 2014-05-03 08:33 - 01824808 _____ (microsoft corporation) c:\windows\system32\ntdll.dll
2014-07-08 19:33 - 2014-05-03 06:51 - 01408976 _____ (microsoft corporation) c:\windows\syswow64\ntdll.dll
2014-07-08 19:33 - 2014-05-02 00:37 - 01023488 _____ (microsoft corporation) c:\windows\system32\localspl.dll
2014-07-08 19:33 - 2014-04-30 00:32 - 00126464 _____ (microsoft corporation) c:\windows\system32\robocopy.exe
2014-07-08 19:33 - 2014-04-30 00:32 - 00106496 _____ (microsoft corporation) c:\windows\syswow64\robocopy.exe
2014-07-08 19:33 - 2014-04-24 01:51 - 00566784 _____ (microsoft corporation) c:\windows\syswow64\wsshared.dll
2014-07-08 19:33 - 2014-04-24 01:51 - 00124928 _____ (microsoft corporation) c:\windows\syswow64\windows.applicationmodel.store.testingframework.dll
2014-07-08 19:33 - 2014-04-24 01:38 - 00693760 _____ (microsoft corporation) c:\windows\system32\wsshared.dll
2014-07-08 19:33 - 2014-04-24 01:38 - 00163840 _____ (microsoft corporation) c:\windows\system32\windows.applicationmodel.store.testingframework.dll
2014-07-08 19:33 - 2014-02-08 06:34 - 00071168 _____ (microsoft corporation) c:\windows\system32\drivers\hdaudbus.sys
2014-07-08 19:32 - 2014-06-19 04:12 - 02239488 _____ (microsoft corporation) c:\windows\system32\wininet.dll
2014-07-08 19:32 - 2014-06-19 04:12 - 01366528 _____ (microsoft corporation) c:\windows\system32\urlmon.dll
2014-07-08 19:32 - 2014-06-19 04:12 - 00915968 _____ (microsoft corporation) c:\windows\system32\uxtheme.dll
2014-07-08 19:32 - 2014-06-19 04:12 - 00053760 _____ (microsoft corporation) c:\windows\system32\uxinit.dll
2014-07-08 19:32 - 2014-06-19 04:12 - 00051712 _____ (microsoft corporation) c:\windows\system32\ie4uinit.exe
2014-07-08 19:32 - 2014-06-19 04:11 - 19277312 _____ (microsoft corporation) c:\windows\system32\mshtml.dll
2014-07-08 19:32 - 2014-06-19 04:11 - 00197120 _____ (microsoft corporation) c:\windows\system32\msrating.dll
2014-07-08 19:32 - 2014-06-19 04:11 - 00097792 _____ (microsoft corporation) c:\windows\system32\mshtmled.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 15369728 _____ (microsoft corporation) c:\windows\system32\ieframe.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 03959296 _____ (microsoft corporation) c:\windows\system32\jscript9.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 02650624 _____ (microsoft corporation) c:\windows\system32\iertutil.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 00855552 _____ (microsoft corporation) c:\windows\system32\jscript.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 00603136 _____ (microsoft corporation) c:\windows\system32\msfeeds.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 00452096 _____ (microsoft corporation) c:\windows\system32\dxtmsft.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 00281600 _____ (microsoft corporation) c:\windows\system32\dxtrans.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 00255488 _____ (microsoft corporation) c:\windows\system32\iedkcs32.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 00136704 _____ (microsoft corporation) c:\windows\system32\iesysprep.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 00067072 _____ (microsoft corporation) c:\windows\system32\iesetup.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 00053760 _____ (microsoft corporation) c:\windows\system32\jsproxy.dll
2014-07-08 19:32 - 2014-06-19 04:10 - 00039936 _____ (microsoft corporation) c:\windows\system32\iernonce.dll
2014-07-08 19:32 - 2014-06-19 04:09 - 01508864 _____ (microsoft corporation) c:\windows\system32\inetcpl.cpl
2014-07-08 19:32 - 2014-06-19 02:53 - 14368768 _____ (microsoft corporation) c:\windows\syswow64\mshtml.dll
2014-07-08 19:32 - 2014-06-19 02:53 - 01766400 _____ (microsoft corporation) c:\windows\syswow64\wininet.dll
2014-07-08 19:32 - 2014-06-19 02:53 - 01141760 _____ (microsoft corporation) c:\windows\syswow64\urlmon.dll
2014-07-08 19:32 - 2014-06-19 02:53 - 00493056 _____ (microsoft corporation) c:\windows\syswow64\msfeeds.dll
2014-07-08 19:32 - 2014-06-19 02:53 - 00163840 _____ (microsoft corporation) c:\windows\syswow64\msrating.dll
2014-07-08 19:32 - 2014-06-19 02:53 - 00080896 _____ (microsoft corporation) c:\windows\syswow64\mshtmled.dll
2014-07-08 19:32 - 2014-06-19 02:53 - 00044032 _____ (microsoft corporation) c:\windows\syswow64\uxinit.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 13732352 _____ (microsoft corporation) c:\windows\syswow64\ieframe.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 02863616 _____ (microsoft corporation) c:\windows\syswow64\jscript9.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 02051072 _____ (microsoft corporation) c:\windows\syswow64\iertutil.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 01440768 _____ (microsoft corporation) c:\windows\syswow64\inetcpl.cpl
2014-07-08 19:32 - 2014-06-19 02:52 - 00690688 _____ (microsoft corporation) c:\windows\syswow64\jscript.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 00357888 _____ (microsoft corporation) c:\windows\syswow64\dxtmsft.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 00226816 _____ (microsoft corporation) c:\windows\syswow64\iedkcs32.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 00226816 _____ (microsoft corporation) c:\windows\syswow64\dxtrans.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 00109056 _____ (microsoft corporation) c:\windows\syswow64\iesysprep.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 00061440 _____ (microsoft corporation) c:\windows\syswow64\iesetup.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 00039936 _____ (microsoft corporation) c:\windows\syswow64\jsproxy.dll
2014-07-08 19:32 - 2014-06-19 02:52 - 00033280 _____ (microsoft corporation) c:\windows\syswow64\iernonce.dll
2014-07-08 19:32 - 2014-06-19 02:33 - 02706432 _____ (microsoft corporation) c:\windows\system32\mshtml.tlb
2014-07-08 19:32 - 2014-06-19 02:30 - 02706432 _____ (microsoft corporation) c:\windows\syswow64\mshtml.tlb
2014-07-08 19:32 - 2014-06-19 00:05 - 00534528 _____ (microsoft corporation) c:\windows\syswow64\uxtheme.dll
2014-07-08 19:32 - 2014-06-06 16:06 - 00596480 _____ (microsoft corporation) c:\windows\system32\qedit.dll
2014-07-08 19:32 - 2014-06-06 12:17 - 00497152 _____ (microsoft corporation) c:\windows\syswow64\qedit.dll
2014-07-08 19:32 - 2014-05-30 00:24 - 00576512 _____ (microsoft corporation) c:\windows\system32\drivers\afd.sys
==================== one month modified files and folders =======
(if an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 14:49 - 2014-08-06 14:49 - 02094080 _____ (farbar) c:\users\florian\downloads\frst64.exe
2014-08-06 14:49 - 2014-08-06 14:49 - 00019256 _____ () c:\users\florian\downloads\frst.txt
2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 ____d () c:\frst
2014-08-06 14:47 - 2014-08-05 22:36 - 00050687 _____ () c:\windows\windowsupdate.log
2014-08-06 14:47 - 2014-07-27 18:22 - 00000000 ____d () c:\programdata\microsoft\windows\start menu\programs\bullfrog
2014-08-06 14:25 - 2013-04-11 08:15 - 00000884 _____ () c:\windows\tasks\adobe flash player updater.job
2014-08-06 14:21 - 2013-11-04 11:43 - 00000000 ____d () c:\users\florian\appdata\roaming\classicshell
2014-08-06 14:18 - 2013-03-20 19:50 - 00000000 ____d () c:\games
2014-08-06 14:05 - 2014-08-05 17:56 - 00122584 _____ (malwarebytes corporation) c:\windows\system32\drivers\mbamswissarmy.sys
2014-08-06 14:00 - 2012-07-26 10:12 - 00000000 ____d () c:\windows\system32\sru
2014-08-06 13:56 - 2013-03-20 19:28 - 00000000 ____d () c:\program files (x86)\steam
2014-08-05 23:48 - 2013-09-15 11:03 - 00280792 _____ () c:\windows\syswow64\pnkbstrb.exe
2014-08-05 23:48 - 2013-04-10 12:15 - 00280792 _____ () c:\windows\syswow64\pnkbstrb.xtr
2014-08-05 23:47 - 2013-04-06 19:58 - 00281032 _____ () c:\windows\syswow64\pnkbstrb.ex0
2014-08-05 22:39 - 2014-01-26 17:14 - 00000000 ____d () c:\program files (x86)\tuneup utilities 2014
2014-08-05 22:20 - 2013-05-02 15:07 - 00060416 ___sh () c:\users\florian\desktop\thumbs.db
2014-08-05 22:20 - 2012-07-26 09:22 - 00000006 ____h () c:\windows\tasks\sa.dat
2014-08-05 22:18 - 2013-03-22 11:05 - 00000000 ____d () c:\users\florian\appdata\roaming\daemon tools lite
2014-08-05 21:39 - 2014-08-05 21:39 - 02623656 _____ (vs revo group ltd.) c:\users\florian\downloads\revosetup95.exe
2014-08-05 21:39 - 2014-08-05 21:39 - 00001239 _____ () c:\users\florian\desktop\revo uninstaller.lnk
2014-08-05 21:39 - 2014-08-05 21:39 - 00000000 ____d () c:\program files (x86)\vs revo group
2014-08-05 17:56 - 2014-08-05 17:56 - 00001077 _____ () c:\users\public\desktop\ malwarebytes anti-malware .lnk
2014-08-05 17:56 - 2014-08-05 17:56 - 00000000 ____d () c:\programdata\microsoft\windows\start menu\programs\ malwarebytes anti-malware
2014-08-05 17:56 - 2014-08-05 17:56 - 00000000 ____d () c:\programdata\malwarebytes
2014-08-05 17:56 - 2014-08-05 17:56 - 00000000 ____d () c:\program files (x86)\ malwarebytes anti-malware
2014-08-05 17:55 - 2014-08-05 17:55 - 17292760 _____ (malwarebytes corporation ) c:\users\florian\downloads\mbam-setup-2.0.2.1012.exe
2014-08-05 17:47 - 2012-07-26 07:26 - 00262144 ___sh () c:\windows\system32\config\bbi
2014-08-05 17:42 - 2014-08-05 17:42 - 00000000 ____d () c:\users\florian\appdata\local\temp7d0baba979668711c4bf61f16f89c15b
2014-08-05 17:39 - 2014-08-05 17:39 - 00000000 ____d () c:\users\florian\chromeextensions
2014-08-05 17:39 - 2014-08-05 17:39 - 00000000 ____d () c:\users\florian\appdata\local\temp5c615c6bee14695db731840470ca3ff2
2014-08-05 17:39 - 2013-03-20 16:41 - 00000000 ____d () c:\users\florian
2014-08-05 15:23 - 2013-04-03 16:29 - 00000000 ___rd () c:\users\florian\desktop\spiele
2014-08-03 22:07 - 2013-03-20 16:50 - 00000000 ____d () c:\program files (x86)\mozilla maintenance service
2014-08-03 18:33 - 2013-03-20 19:40 - 00000000 ____d () c:\users\florian\appdata\roaming\microsoft\windows\start menu\programs\steam
2014-08-01 17:27 - 2014-08-01 17:27 - 00000000 ____d () c:\program files (x86)\mozilla firefox
2014-08-01 16:34 - 2014-02-12 17:12 - 00000000 ____d () c:\program files (x86)\jdownloader
2014-07-31 18:37 - 2013-10-01 14:42 - 00000000 ____d () c:\program files (x86)\origin
2014-07-27 18:22 - 2014-07-27 18:22 - 00000000 ____d () c:\users\florian\appdata\roaming\microsoft\windows\start menu\programs\bullfrog
2014-07-27 18:14 - 2014-07-27 18:14 - 00000000 ____d () c:\users\florian\downloads\populous.the.beginning.v2.0.0.5.gog.classic-g3l
2014-07-24 21:25 - 2014-07-24 21:24 - 00000000 ____d () c:\users\florian\downloads\legend
2014-07-24 17:13 - 2012-07-26 10:12 - 00000000 ____d () c:\windows\auinstallagent
2014-07-20 17:17 - 2014-01-03 18:30 - 00000000 ____d () c:\windows\minidump
2014-07-19 23:32 - 2013-04-06 20:03 - 00000000 ____d () c:\users\florian\documents\my games
2014-07-19 23:31 - 2014-07-19 23:29 - 00000000 ____d () c:\programdata\microsoft\windows\start menu\programs\heroes of might and magic v - tribes of the east
2014-07-19 23:28 - 2014-07-19 23:28 - 00000001 _____ () c:\windows\syswow64\si.bin
2014-07-19 23:28 - 2012-11-13 19:16 - 00000000 ___hd () c:\program files (x86)\installshield installation information
2014-07-19 22:54 - 2014-07-19 22:34 - 00000000 ____d () c:\users\florian\downloads\heroes.of.might.and.magic.complete.edtion.
2014-07-18 19:30 - 2012-08-01 18:38 - 00753134 _____ () c:\windows\system32\perfh007.dat
2014-07-18 19:30 - 2012-08-01 18:38 - 00155826 _____ () c:\windows\system32\perfc007.dat
2014-07-18 19:30 - 2012-07-26 09:28 - 01745416 _____ () c:\windows\system32\perfstringbackup.ini
2014-07-18 19:23 - 2014-07-18 19:22 - 00307904 _____ () c:\windows\system32\fntcache.dat
2014-07-16 10:24 - 2014-01-26 22:37 - 00043320 _____ (tuneup software) c:\windows\system32\uxtuneup.dll
2014-07-16 10:24 - 2014-01-26 22:37 - 00036152 _____ (tuneup software) c:\windows\syswow64\uxtuneup.dll
2014-07-16 10:24 - 2014-01-26 17:15 - 00040760 _____ (tuneup software) c:\windows\system32\turegopt.exe
2014-07-16 10:24 - 2014-01-26 17:15 - 00029496 _____ (tuneup software) c:\windows\system32\authuitu.dll
2014-07-16 10:24 - 2014-01-26 17:15 - 00025400 _____ (tuneup software) c:\windows\syswow64\authuitu.dll
2014-07-15 12:07 - 2013-05-07 19:52 - 00042040 _____ (avira operations gmbh & co. Kg) c:\windows\system32\drivers\avnetflt.sys
2014-07-12 20:00 - 2014-07-12 20:00 - 00000000 ____d () c:\users\florian\appdata\local\capcom
2014-07-12 20:00 - 2014-06-02 18:40 - 00000000 ____d () c:\users\florian\appdata\roaming\raptr
2014-07-12 19:53 - 2014-07-12 19:53 - 00000000 ____d () c:\users\florian\appdata\local\flt
2014-07-12 19:53 - 2014-07-12 19:53 - 00000000 ____d () c:\programdata\microsoft\windows\start menu\programs\resident evil revelations
2014-07-12 17:33 - 2014-07-12 17:33 - 00000000 ____d () c:\users\florian\downloads\zurueck.in.die.zukunft.2.german.1989.ac3.dvdrip.xvid.internal-cia
2014-07-11 15:16 - 2012-07-26 10:12 - 00000000 ____d () c:\windows\rescache
2014-07-10 17:43 - 2012-07-26 10:12 - 00000000 ___rd () c:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessibility
2014-07-10 17:43 - 2012-07-26 10:12 - 00000000 ___rd () c:\users\default user\appdata\roaming\microsoft\windows\start menu\programs\accessibility
2014-07-10 17:43 - 2012-07-26 09:52 - 00000000 ____d () c:\program files\windows journal
2014-07-10 17:42 - 2014-07-06 17:40 - 03286528 _____ (microsoft corporation) c:\windows\system32\wuaueng.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 01623040 _____ (microsoft corporation) c:\windows\system32\wucltux.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 00773632 _____ (microsoft corporation) c:\windows\system32\wuapi.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 00629248 _____ (microsoft corporation) c:\windows\syswow64\wuapi.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 00253440 _____ (microsoft corporation) c:\windows\system32\wusettingsprovider.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 00176640 _____ (microsoft corporation) c:\windows\system32\storewuauth.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 00144384 _____ (microsoft corporation) c:\windows\system32\wuwebv.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 00128000 _____ (microsoft corporation) c:\windows\syswow64\wuwebv.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 00100352 _____ (microsoft corporation) c:\windows\system32\wudriver.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 00086528 _____ (microsoft corporation) c:\windows\syswow64\wudriver.dll
2014-07-10 17:42 - 2014-07-06 17:40 - 00059416 _____ (microsoft corporation) c:\windows\system32\wuauclt.exe
2014-07-10 17:42 - 2014-07-06 17:40 - 00040448 _____ (microsoft corporation) c:\windows\system32\wuapp.exe
2014-07-10 17:42 - 2014-07-06 17:40 - 00035328 _____ (microsoft corporation) c:\windows\syswow64\wuapp.exe
2014-07-10 17:42 - 2012-07-26 10:12 - 00000000 ____d () c:\windows\winstore
2014-07-10 17:42 - 2012-07-26 09:59 - 00000000 ____d () c:\windows\cbstemp
2014-07-08 20:40 - 2013-08-14 13:41 - 00000000 ____d () c:\windows\system32\mrt
2014-07-08 20:40 - 2013-03-21 19:28 - 96441528 _____ (microsoft corporation) c:\windows\system32\mrt.exe
2014-07-08 20:40 - 2012-07-26 07:26 - 00262144 ___sh () c:\windows\system32\config\elam
2014-07-08 19:25 - 2013-04-11 08:15 - 00003772 _____ () c:\windows\system32\tasks\adobe flash player updater
some content of temp:
====================
c:\users\florian\appdata\local\temp\amazonicon_v8.exe
c:\users\florian\appdata\local\temp\amazoninstallernircmdc.exe
c:\users\florian\appdata\local\temp\avgnt.exe
c:\users\florian\appdata\local\temp\foxysecurity_6.2_giga_ff_ie_setup.exe
c:\users\florian\appdata\local\temp\icreinstall_mbam-setup-2.0.2.1012_cb-dl-manager.exe
c:\users\florian\appdata\local\temp\sdanircmdc.exe
c:\users\florian\appdata\local\temp\sdapskill.exe
c:\users\florian\appdata\local\temp\sdaspwn.exe
==================== bamital & volsnap check =================
(there is no automatic fix for files that do not pass verification.)
c:\windows\system32\winlogon.exe => file is digitally signed
c:\windows\system32\wininit.exe => file is digitally signed
c:\windows\explorer.exe => file is digitally signed
c:\windows\syswow64\explorer.exe => file is digitally signed
c:\windows\system32\svchost.exe => file is digitally signed
c:\windows\syswow64\svchost.exe => file is digitally signed
c:\windows\system32\services.exe => file is digitally signed
c:\windows\system32\user32.dll => file is digitally signed
c:\windows\syswow64\user32.dll => file is digitally signed
c:\windows\system32\userinit.exe => file is digitally signed
c:\windows\syswow64\userinit.exe => file is digitally signed
c:\windows\system32\rpcss.dll => file is digitally signed
c:\windows\system32\drivers\volsnap.sys => file is digitally signed
lastregback: 2014-08-04 20:42
==================== end of log ============================
addition: Quote:
additional scan result of farbar recovery scan tool (x64) version: 05-08-2014
ran by florian at 2014-08-06 14:50:04
running from c:\users\florian\downloads
boot mode: Normal
==========================================================
==================== security center ========================
(if an entry is included in the fixlist, it will be removed.)
av: Avira desktop (enabled - up to date) {4d041356-f94d-285f-8768-aae50fa36859}
av: Windows defender (disabled - up to date) {d68ddc3a-831f-4fae-9e44-da132c1acf46}
as: Avira desktop (enabled - up to date) {f665f2b2-df77-27d1-bdd8-9197742422e4}
as: Windows defender (disabled - up to date) {d68ddc3a-831f-4fae-9e44-da132c1acf46}
==================== installed programs ======================
(only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-zip 9.20 (hklm-x32\...\7-zip) (version: - )
adobe flash player 14 plugin (hklm-x32\...\adobe flash player plugin) (version: 14.0.0.145 - adobe systems incorporated)
amd accelerated video transcoding (version: 13.30.100.40417 - advanced micro devices, inc.) hidden
amd app sdk runtime (version: 10.0.938.2 - advanced micro devices inc.) hidden
amd catalyst control center (x32 version: 2014.0417.2226.38446 - ihr firmenname) hidden
amd catalyst install manager (hklm\...\{3faeeebe-48f4-84c1-2b49-96ae73e67e3e}) (version: 8.0.916.0 - advanced micro devices, inc.)
amd wireless display v3.0 (version: 1.0.0.15 - advanced micro devices, inc.) hidden
anno 1404 (hklm-x32\...\{3d9cf3ca-3ab0-4a82-9853-d7c43fd1d775}) (version: 1.03.0000 - ubisoft)
anno 1404 (x32 version: 1.00.0000 - ubisoft) hidden
anno 1404 entwickler-tools (hklm-x32\...\{a837bce6-bcb1-4a44-8807-a678eaf06933}) (version: 1.00.0000 - related designs)
anno 2070 (hklm-x32\...\steam app 48240) (version: - bluebyte)
atheros bluetooth filter driver package (hklm\...\{026b819b-4d60-4c8b-892d-33a0d8666f60}) (version: 2.0.0.3 - atheros communications)
atheros driver installation program (hklm-x32\...\{c3a32068-8ab1-4327-bb16-bed9c6219dc7}) (version: 10.0 - atheros)
avira free antivirus (hklm-x32\...\avira antivir desktop) (version: 14.0.5.464 - avira)
banished version 1.0 (hklm-x32\...\banished_is1) (version: 1.0 - theprodukkt)
battlefield 3™ (hklm-x32\...\{76285c16-411a-488a-bce3-c83cb933d8cf}) (version: 1.0.0.0 - electronic arts)
battlelog web plugins (hklm-x32\...\battlelog web plugins) (version: 2.3.2 - ea digital illusions ce ab)
broken sword 5 (hklm-x32\...\broken sword 5_is1) (version: - revolution software ltd)
call of duty 4: Modern warfare (hklm-x32\...\steam app 7940) (version: - infinity ward)
call of duty: Ghosts - multiplayer (hklm-x32\...\steam app 209170) (version: - )
call of duty: Ghosts (hklm-x32\...\steam app 209160) (version: - infinity ward)
call of duty: Modern warfare 2 - multiplayer (hklm-x32\...\steam app 10190) (version: - infinity ward)
call of duty: Modern warfare 2 (hklm-x32\...\steam app 10180) (version: - infinity ward)
catalyst control center - branding (x32 version: 1.00.0000 - advanced micro devices, inc.) hidden
catalyst control center graphics previews common (x32 version: 2014.0417.2226.38446 - advanced micro devices, inc.) hidden
catalyst control center installproxy (x32 version: 2013.0830.1944.33589 - advanced micro devices, inc.) hidden
catalyst control center installproxy (x32 version: 2014.0417.2226.38446 - advanced micro devices, inc.) hidden
catalyst control center localization all (x32 version: 2014.0417.2226.38446 - advanced micro devices, inc.) hidden
ccc help chinese standard (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help chinese traditional (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help czech (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help danish (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help dutch (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help english (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help finnish (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help french (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help german (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help greek (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help hungarian (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help italian (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help japanese (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help korean (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help norwegian (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help polish (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help portuguese (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help russian (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help spanish (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help swedish (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help thai (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc help turkish (x32 version: 2014.0417.2225.38446 - advanced micro devices, inc.) hidden
ccc-utility64 (version: 2014.0417.2226.38446 - advanced micro devices, inc.) hidden
ccleaner (hklm\...\ccleaner) (version: 4.15 - piriform)
classic shell (hklm\...\{840c85b7-d3d6-4143-9af9-dae80fd54cfc}) (version: 4.1.0 - ivosoft)
company of heroes 2 (hklm-x32\...\steam app 231430) (version: - relic entertainment)
daemon tools lite (hklm-x32\...\daemon tools lite) (version: 4.47.1.0333 - disc soft ltd)
dead island riptide (c) deep silver version 1 (hklm-x32\...\rgvhzcbjc2xhbmqgumlwdglkzsaoyykgrgvlccbtawx2zxi=_is1) (version: 1 - )
die stunde null uncutpatch 1.1 (hklm-x32\...\die stunde null uncutpatch_is1) (version: Die stunde null uncutpatch 1.1 - uc-games)
divine divinity (hklm-x32\...\steam app 214170) (version: - larian studios)
driver sweeper version 3.2.0 (hklm-x32\...\{5a67d2ea-fb70-4033-a6f3-606ad85b2015}_is1) (version: 3.2.0 - phyxion.net)
duke nukem - manhattan project - 1.0.1 patch (x32 version: 1.0.1 - ihr firmenname) hidden
empire: Total war (hklm-x32\...\steam app 10500) (version: - the creative assembly)
free youtube to mp3 converter version 3.12.1.320 (hklm-x32\...\free youtube to mp3 converter_is1) (version: 3.12.1.320 - dvdvideosoft ltd.)
heroes & generals (hklm-x32\...\steam app 227940) (version: - reto-moto)
heroes of might and magic v - tribes of the east (hklm-x32\...\{66ff4c48-0083-4e60-8556-b883ab200092}) (version: - )
hydravision (x32 version: 4.2.252.0 - advanced micro devices, inc.) hidden
intel appup(sm) center (hklm-x32\...\intel appup(sm) center 33268) (version: 3.6.1.33268.15 - intel)
intel(r) management engine components (hklm-x32\...\{65153ea5-8b6e-43b6-857b-c6e4fc25798a}) (version: 8.1.0.1252 - intel corporation)
intel(r) rapid storage technology (hklm-x32\...\{3e29ee6c-963a-4aae-86c1-dc237c4a49fc}) (version: 11.5.2.1001 - intel corporation)
intel® trusted connect service client (version: 1.24.388.1 - intel corporation) hidden
java 7 update 51 (hklm-x32\...\{26a24ae4-039d-4ca4-87b4-2f83217045ff}) (version: 7.0.510 - oracle)
java auto updater (x32 version: 2.1.9.8 - sun microsystems, inc.) hidden
jdownloader 0.9 (hklm-x32\...\5513-1208-7298-9440) (version: 0.9 - appwork gmbh)
left 4 dead (hklm-x32\...\steam app 500) (version: - valve)
left 4 dead 2 (hklm-x32\...\steam app 550) (version: - valve)
malwarebytes Anti-Malware version 2.0.2.1012 (hklm-x32\...\malwarebytes anti-malware_is1) (version: 2.0.2.1012 - malwarebytes corporation)
microsoft app update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (version: 1.0.0.0 - microsoft corporation) hidden
microsoft chart controls for microsoft .net framework 3.5 (hklm-x32\...\{41785c66-90f2-40ce-8cb5-1c94bfc97280}) (version: 3.5.0.0 - microsoft corporation)
microsoft games for windows - live (hklm-x32\...\{f97e3841-ca9d-4964-9d64-26066241d26f}) (version: 3.3.24.0 - microsoft corporation)
microsoft games for windows - live redistributable (hklm-x32\...\{8fb1b528-e260-451e-9b55-e9152f94b80b}) (version: 3.2.3.0 - microsoft corporation)
microsoft office (hklm-x32\...\{95140000-0070-0000-0000-0000000ff1ce}) (version: 14.0.6120.5004 - microsoft corporation)
microsoft visual c++ 2005 redistributable (hklm-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (version: 8.0.56336 - microsoft corporation)
microsoft visual c++ 2005 redistributable (hklm-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (version: 8.0.59193 - microsoft corporation)
microsoft visual c++ 2008 redistributable - x64 9.0.30729 (hklm\...\{d285fc5f-3021-32e9-9c59-24ca325bdc5c}) (version: 9.0.30729 - microsoft corporation)
microsoft visual c++ 2008 redistributable - x64 9.0.30729.17 (hklm\...\{8220eefe-38cd-377e-8595-13398d740ace}) (version: 9.0.30729 - microsoft corporation)
microsoft visual c++ 2008 redistributable - x64 9.0.30729.4148 (hklm\...\{4b6c7001-c7d6-3710-913e-5bc23fce91e6}) (version: 9.0.30729.4148 - microsoft corporation)
microsoft visual c++ 2008 redistributable - x64 9.0.30729.6161 (hklm\...\{5fce6d76-f5dc-37ab-b2b8-22ab8cedb1d4}) (version: 9.0.30729.6161 - microsoft corporation)
microsoft visual c++ 2008 redistributable - x86 9.0.30729.17 (hklm-x32\...\{9a25302d-30c0-39d9-bd6f-21e6ec160475}) (version: 9.0.30729 - microsoft corporation)
microsoft visual c++ 2008 redistributable - x86 9.0.30729.4148 (hklm-x32\...\{1f1c2dfc-2d24-3e06-bcb8-725134adf989}) (version: 9.0.30729.4148 - microsoft corporation)
microsoft visual c++ 2008 redistributable - x86 9.0.30729.6161 (hklm-x32\...\{9be518e6-ecc6-35a9-88e4-87755c07200f}) (version: 9.0.30729.6161 - microsoft corporation)
microsoft visual c++ 2010 x64 redistributable - 10.0.40219 (hklm\...\{1d8e6291-b0d5-35ec-8441-6616f567a0f7}) (version: 10.0.40219 - microsoft corporation)
microsoft visual c++ 2010 x86 redistributable - 10.0.40219 (hklm-x32\...\{f0c3e5d1-1ade-321e-8167-68ef0de699a5}) (version: 10.0.40219 - microsoft corporation)
microsoft visual c++ 2012 redistributable (x64) - 11.0.50727 (hklm-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (version: 11.0.50727.1 - microsoft corporation)
microsoft visual c++ 2012 redistributable (x64) - 11.0.60610 (hklm-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (version: 11.0.60610.1 - microsoft corporation)
microsoft visual c++ 2012 redistributable (x86) - 11.0.60610 (hklm-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (version: 11.0.60610.1 - microsoft corporation)
microsoft visual c++ 2012 x64 additional runtime - 11.0.50727 (version: 11.0.50727 - microsoft corporation) hidden
microsoft visual c++ 2012 x64 additional runtime - 11.0.60610 (version: 11.0.60610 - microsoft corporation) hidden
microsoft visual c++ 2012 x64 minimum runtime - 11.0.50727 (version: 11.0.50727 - microsoft corporation) hidden
microsoft visual c++ 2012 x64 minimum runtime - 11.0.60610 (version: 11.0.60610 - microsoft corporation) hidden
microsoft visual c++ 2012 x86 additional runtime - 11.0.60610 (x32 version: 11.0.60610 - microsoft corporation) hidden
microsoft visual c++ 2012 x86 minimum runtime - 11.0.60610 (x32 version: 11.0.60610 - microsoft corporation) hidden
mozilla firefox 31.0 (x86 de) (hklm-x32\...\mozilla firefox 31.0 (x86 de)) (version: 31.0 - mozilla)
mozilla maintenance service (hklm-x32\...\mozillamaintenanceservice) (version: 29.0.1 - mozilla)
nero 12 essentials toshiba (hklm-x32\...\{2ef76291-8647-46f0-89d8-0aa8b72a5420}) (version: 12.0.00600 - nero ag)
nero backitup (x32 version: 12.0.3000 - nero ag) hidden
nero backitup help (chm) (x32 version: 12.0.3000 - nero ag) hidden
nero blu-ray player (x32 version: 12.0.17500 - nero ag) hidden
nero blu-ray player help (chm) (x32 version: 12.0.4000 - nero ag) hidden
nero burnrights (x32 version: 12.0.5000 - nero ag) hidden
nero burnrights help (chm) (x32 version: 12.0.5000 - nero ag) hidden
nero controlcenter (x32 version: 11.0.15300 - nero ag) hidden
nero controlcenter help (chm) (x32 version: 12.0.5000 - nero ag) hidden
nero core components (x32 version: 11.0.18200 - nero ag) hidden
nero express (x32 version: 12.0.20000 - nero ag) hidden
nero express help (chm) (x32 version: 12.0.5000 - nero ag) hidden
nero kwik media (x32 version: 1.18.18900 - nero ag) hidden
nero kwik media help (chm) (x32 version: 12.0.4000 - nero ag) hidden
nero kwik themes basic (x32 version: 12.0.11500 - nero ag) hidden
nero launcher (x32 version: 12.2.6000 - nero ag) hidden
nero rescueagent (x32 version: 12.0.9000 - nero ag) hidden
nero rescueagent help (chm) (x32 version: 12.0.3000 - nero ag) hidden
nero sharedvideocodecs (x32 version: 1.0.12100.2.0 - nero ag) hidden
nero update (x32 version: 11.0.11800.31.0 - nero ag) hidden
nvidia physx (hklm-x32\...\{8b922cf8-8a6c-41ce-a858-f1755d7f5d29}) (version: 9.12.1031 - nvidia corporation)
openal (hklm-x32\...\openal) (version: - )
openoffice.org 3.4.1 (hklm-x32\...\{2303aeea-0fa8-4afd-80a9-8f86ba4b44d2}) (version: 3.41.9593 - apache software foundation)
origin (hklm-x32\...\origin) (version: 8.5.0.4518 - electronic arts, inc.)
premium sound hd (hklm\...\{94f03b8e-cb73-4653-afe9-79112c01fed2}) (version: 1.12.5000 - srs labs, inc.)
prerequisite installer (x32 version: 12.0.0002 - nero ag) hidden
punkbuster services (hklm-x32\...\punkbustersvc) (version: 0.991 - even balance, inc.)
raptr (hklm-x32\...\raptr) (version: - )
realtek ethernet controller driver (hklm-x32\...\{8833ffb6-5b0c-4764-81aa-06dfeed9a476}) (version: 8.3.730.2012 - realtek)
realtek high definition audio driver (hklm-x32\...\{f132af7f-7bca-4ede-8a7c-958108fe7dbc}) (version: 6.0.1.7083 - realtek semiconductor corp.)
realtek usb 2.0 card reader (hklm-x32\...\{96ae7e41-e34e-47d0-ac07-1091a8127911}) (version: 6.1.8400.30136 - realtek semiconductor corp.)
red orchestra 2: Heroes of stalingrad (hklm-x32\...\steam app 35450) (version: - tripwire)
resident evil: Revelations (hklm-x32\...\{6d4ec39d-87ce-4cd4-9b21-fab3ccfb95f3}_is1) (version: 1.0 - raf)
revo uninstaller 1.95 (hklm-x32\...\revo uninstaller) (version: 1.95 - vs revo group)
shared c run-time for x64 (hklm\...\{ef79c448-6946-4d71-8134-03407888c054}) (version: 10.0.0 - mcafee)
slimdrivers (hklm-x32\...\{a5457401-d56a-43f2-9524-78e54a7fc07a}) (version: 2.2.32705 - slimware utilities, inc.)
sniper elite: Zombie army (hklm-x32\...\steam app 235700) (version: - rebellion)
state of decay (hklm-x32\...\steam app 241540) (version: - )
steam (hklm-x32\...\{048298c9-a4d3-490b-9ff9-ab023a9238f3}) (version: 1.0.0.0 - valve corporation)
synaptics pointing device driver (hklm\...\syntpdeinstkey) (version: 16.2.10.5 - synaptics incorporated)
the walking dead (hklm-x32\...\the walking dead) (version: 1.0.0.15 - telltale games)
toshiba desktop assist (hklm\...\{95ccacf0-010d-45f0-82bf-858643d8bc02}) (version: 1.00.08.6402 - toshiba corporation)
toshiba eco utility (hklm\...\{5944b9d4-3c2a-48de-931e-26b31714a2f7}) (version: 2.0.0.6415 - toshiba corporation)
toshiba function key (hklm\...\{16562a90-71bc-41a0-b890-d91b0c267120}) (version: 1.00.6626.6406 - toshiba corporation)
toshiba manuals (hklm-x32\...\{90ff4432-21b7-4af6-ba6e-fb8c1fed9173}) (version: 10.10 - toshiba)
toshiba password utility (hklm-x32\...\installshield_{78931270-bc9e-441a-a52b-73ecd4acfab5}) (version: 2.00.972 - toshiba corporation)
toshiba password utility (x32 version: 2.00.972 - toshiba corporation) hidden
toshiba pc health monitor (hklm\...\{9decd0f9-d3e8-48b0-a390-1cf09f54e3a4}) (version: 1.8.17.640104 - toshiba corporation)
toshiba recovery media creator (hklm-x32\...\{b65bbb06-1f8e-48f5-8a54-b024a9e15fdf}) (version: 2.2.1.54043006 - toshiba corporation)
toshiba resolution+ plug-in for windows media player (hklm-x32\...\{6cb76c9d-80c2-4cb3-a4cd-d96b239e3f94}) (version: 1.2.2.00 - toshiba corporation)
toshiba system driver (hklm-x32\...\{1e6a96a1-2bab-43ef-8087-30437593c66c}) (version: 1.00.0015 - toshiba corporation)
toshiba system settings (hklm-x32\...\{05a55927-db9b-4e26-ba44-828ebff829f0}) (version: 1.00.0002.32002 - toshiba corporation)
toshiba tempro (hklm-x32\...\{f76f5214-83a8-4030-80c9-1ef57391d72a}) (version: 4.2.2 - toshiba europe gmbh)
toshiba video player (hklm\...\{ff07604e-c860-40e9-a230-e37fa41f103a}) (version: 5.1.0.12-a - toshiba corporation)
tropico 5 (hklm-x32\...\tropico 5_is1) (version: 1.0 - addonia)
tuneup utilities 2014 (de-de) (x32 version: 14.0.1000.340 - tuneup software) hidden
tuneup utilities 2014 (hklm-x32\...\tuneup utilities) (version: 14.0.1000.340 - tuneup software)
tuneup utilities 2014 (x32 version: 14.0.1000.340 - tuneup software) hidden
ubisoft game launcher (hklm-x32\...\{888f1505-c2b3-4fde-835d-36353ebd4754}) (version: 1.0.0.0 - ubisoft)
welcome app (start-up experience) (x32 version: 12.0.14000 - nero ag) hidden
winrar 5.01 (64-bit) (hklm\...\winrar archiver) (version: 5.01.0 - win.rar gmbh)
wolfenstein: The new order (hklm-x32\...\v29szmvuc3rlaw5uagvozxdpcmrlcg==_is1) (version: 1 - )
world of tanks (hklm-x32\...\{1eac1d02-c6ac-4fa6-9a44-96258c37c812eu}_is1) (version: - wargaming.net)
xp-antispy 3.98-2 (hklm-x32\...\xp-antispy) (version: - christian taubenheim)
==================== custom clsid (selected items): ==========================
(if an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== restore points =========================
==================== hosts content: ==========================
(if needed hosts: Directive could be included in the fixlist to reset hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____a c:\windows\system32\drivers\etc\hosts
==================== scheduled tasks (whitelisted) =============
(if an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
task: {1aaff332-5c62-4558-9991-daa649c4c9c5} - system32\tasks\microsoft\windows\sysmain\wsswapassessmenttask => rundll32.exe sysmain.dll,pfsvwsswapassessmenttask
task: {23a5d8be-9196-40eb-bd89-794398b2b073} - system32\tasks\microsoft\windows\ws\wsrefreshbannedappslisttask => rundll32.exe wsclient.dll,refreshbannedappslist
task: {476553e5-cb3d-458f-94c3-7d518d8f79d5} - system32\tasks\toshiba\commonnotifier => c:\program files (x86)\toshiba tempro\toshiba.tempro.ui.commonnotifier.exe [2012-09-25] (toshiba europe gmbh)
task: {56dfa705-536b-4076-a0cf-aee7ff5c6745} - system32\tasks\java update scheduler => c:\program files (x86)\common files\java\java update\jusched.exe [2013-07-02] (oracle corporation)
task: {7583a99f-8210-4523-86cc-1eeb98c4faf8} - system32\tasks\microsoft\windows\setup\pre-staged gdr notification => c:\windows\system32\notificationui.exe [2014-04-19] (microsoft corporation)
task: {a72208bf-7a49-4fb8-b684-252375f3443a} - system32\tasks\microsoft\windows\ws\license validation => rundll32.exe wsclient.dll,wsptlr licensing
task: {a8187dd9-cf15-4724-9651-4a82ba25c428} - system32\tasks\slimdrivers startup => c:\program files (x86)\slimdrivers\slimdrivers.exe [2013-09-24] (slimware utilities, inc.)
task: {b288b596-0b64-4b57-8a7f-27faac4ce4e9} - system32\tasks\adobe flash player updater => c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2014-07-08] (adobe systems incorporated)
task: {c58b368d-339f-4113-b696-34d0cdff5cbd} - system32\tasks\microsoft\windows\removaltools\mrt_hb => c:\windows\system32\mrt.exe [2014-07-08] (microsoft corporation)
task: {c6a88f2d-53d2-4805-9d69-443738a1847c} - system32\tasks\microsoft\windows\applicationdata\cleanuptemporarystate => rundll32.exe windows.storage.applicationdata.dll,cleanuptemporarystate
task: {ddeed2d6-6801-4019-9a0a-352ef2943f15} - system32\tasks\tuneuputilities_task_bkgndmaintenance2013 => c:\program files (x86)\tuneup utilities 2014\oneclick.exe [2014-07-16] (tuneup software)
task: {e7e5c124-7559-45cb-997e-1cda62454b52} - system32\tasks\ccleanerskipuac => c:\program files\ccleaner\ccleaner.exe [2014-06-24] (piriform ltd)
task: {ebf06dec-4228-4813-ac0c-62821ae4e330} - system32\tasks\microsoft\windows\application experience\startupapptask => rundll32.exe startupscan.dll,susruntask
task: {f0109c77-aba7-49a6-9672-25727554adf8} - \desk 365 runasstduser no task file <==== attention
task: {f9515511-3024-43eb-9c39-581bea383ce4} - \amiupdxp no task file <==== attention
task: C:\windows\tasks\adobe flash player updater.job => c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
task: C:\windows\tasks\slimdrivers startup.job => c:\program files (x86)\slimdrivers\slimdrivers.exe
==================== loaded modules (whitelisted) =============
2011-10-14 00:38 - 2011-10-14 00:38 - 00156672 _____ () c:\program files (x86)\toshiba\password utility\gfnexsrv.exe
2013-09-15 11:03 - 2013-10-01 16:38 - 00076888 _____ () c:\windows\syswow64\pnkbstra.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () c:\program files (x86)\tuneup utilities 2014\avgrepliba.dll
2013-02-01 02:09 - 2012-06-25 20:41 - 01198912 _____ () c:\program files (x86)\intel\intel(r) management engine components\uns\ace.dll
2014-05-22 15:33 - 2014-07-12 02:53 - 01116672 _____ () c:\program files (x86)\steam\libavcodec-55.dll
2014-05-22 15:33 - 2014-07-12 02:53 - 00399360 _____ () c:\program files (x86)\steam\libavformat-55.dll
2014-01-08 15:26 - 2014-07-12 02:53 - 00331264 _____ () c:\program files (x86)\steam\libavresample-1.dll
2014-04-23 21:03 - 2014-07-12 02:53 - 00438784 _____ () c:\program files (x86)\steam\libavutil-53.dll
2013-03-12 18:10 - 2014-06-27 00:40 - 00764416 _____ () c:\program files (x86)\steam\sdl2.dll
2014-05-22 15:33 - 2014-07-16 04:28 - 02139328 _____ () c:\program files (x86)\steam\video.dll
2014-05-22 15:33 - 2014-04-29 02:37 - 00519168 _____ () c:\program files (x86)\steam\libswscale-2.dll
2013-03-15 18:29 - 2014-07-16 04:28 - 01116864 _____ () c:\program files (x86)\steam\bin\chromehtml.dll
2013-03-14 22:19 - 2014-05-02 01:35 - 20628160 _____ () c:\program files (x86)\steam\bin\libcef.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00891392 _____ () c:\program files (x86)\intel\intelappstore\bin\qtnetwork4.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 02281984 _____ () c:\program files (x86)\intel\intelappstore\bin\qtcore4.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00016896 _____ () c:\program files (x86)\intel\intelappstore\bin\featurecontroller.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00062976 _____ () c:\program files (x86)\intel\intelappstore\bin\osevents.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00322048 _____ () c:\program files (x86)\intel\intelappstore\bin\log4cplus.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00339456 _____ () c:\program files (x86)\intel\intelappstore\bin\qtxml4.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00400384 _____ () c:\program files (x86)\intel\intelappstore\bin\sqlite3.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00195584 _____ () c:\program files (x86)\intel\intelappstore\bin\libgsoap.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00062464 _____ () c:\program files (x86)\intel\intelappstore\bin\zlib1.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00446976 _____ () c:\program files (x86)\intel\intelappstore\bin\deviceprofile.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00019456 _____ () c:\program files (x86)\intel\intelappstore\bin\eventssender.dll
2012-11-13 19:45 - 2012-08-02 00:01 - 00062976 _____ () c:\program files (x86)\intel\intelappstore\bin\servicemanagerstarter.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () c:\program files (x86)\openoffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () c:\program files (x86)\openoffice.org 3\program\libxslt.dll
==================== alternate data streams (whitelisted) =========
(if an entry is included in the fixlist, only the alternate data streams will be removed.)
==================== safe mode (whitelisted) ===================
(if an item is included in the fixlist, it will be removed from the registry. The "alternateshell" will be restored.)
==================== exe association (whitelisted) =============
(if an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== msconfig/task manager disabled items =========
(currently there is no automatic fix for this section.)
hklm\...\startupapproved\run: => "tecoresident"
hklm\...\startupapproved\run: => "tcrdmain"
hklm\...\startupapproved\run32: => "tpureg"
hklm\...\startupapproved\run32: => "sunjavaupdatesched"
hkcu\...\startupapproved\startupfolder: => "openoffice.org 3.4.1.lnk"
hkcu\...\startupapproved\run: => "daemon tools lite"
hkcu\...\startupapproved\run: => "driverscanner"
hkcu\...\startupapproved\run: => "eadm"
hkcu\...\startupapproved\run: => "raptr"
==================== faulty device manager devices =============
==================== event log errors: =========================
application errors:
==================
error: (08/05/2014 10:40:07 pm) (source: Application hang) (eventid: 1002) (user: )
description: Programm mbam.exe, version 1.0.0.532 kann nicht mehr unter windows ausgeführt werden und wurde beendet. überprüfen sie den problemverlauf in der wartungscenter-systemsteuerung, um nach weiteren informationen zum problem zu suchen.
Prozess-id: D9c
startzeit: 01cfb0eaedd45d76
endzeit: 0
anwendungspfad: C:\program files (x86)\ malwarebytes anti-malware \mbam.exe
berichts-id: Ad341d94-1ce0-11e4-beff-c0d962307ac3
vollständiger name des fehlerhaften pakets:
Anwendungs-id, die relativ zum fehlerhaften paket ist:
Error: (08/05/2014 09:43:34 pm) (source: Application hang) (eventid: 1002) (user: )
description: Programm mbam.exe, version 1.0.0.532 kann nicht mehr unter windows ausgeführt werden und wurde beendet. überprüfen sie den problemverlauf in der wartungscenter-systemsteuerung, um nach weiteren informationen zum problem zu suchen.
Prozess-id: E3c
startzeit: 01cfb0db5d41fa24
endzeit: 0
anwendungspfad: C:\program files (x86)\ malwarebytes anti-malware \mbam.exe
berichts-id: C668da26-1cd8-11e4-befe-c0d962307ac3
vollständiger name des fehlerhaften pakets:
Anwendungs-id, die relativ zum fehlerhaften paket ist:
Error: (08/05/2014 06:10:57 pm) (source: Application hang) (eventid: 1002) (user: )
description: Programm mbam.exe, version 1.0.0.532 kann nicht mehr unter windows ausgeführt werden und wurde beendet. überprüfen sie den problemverlauf in der wartungscenter-systemsteuerung, um nach weiteren informationen zum problem zu suchen.
Prozess-id: 17f8
startzeit: 01cfb0c5e5f027c9
endzeit: 0
anwendungspfad: C:\program files (x86)\ malwarebytes anti-malware \mbam.exe
berichts-id: 122f8c49-1cbb-11e4-befe-c0d962307ac3
vollständiger name des fehlerhaften pakets:
Anwendungs-id, die relativ zum fehlerhaften paket ist:
Error: (08/03/2014 09:58:23 pm) (source: Application error) (eventid: 1000) (user: )
description: Name der fehlerhaften anwendung: Rogame.exe, version: 0.0.0.0, zeitstempel: 0x53b1a360
name des fehlerhaften moduls: Rogame.exe, version: 0.0.0.0, zeitstempel: 0x53b1a360
ausnahmecode: 0xc0000005
fehleroffset: 0x00947554
id des fehlerhaften prozesses: 0x1554
startzeit der fehlerhaften anwendung: 0xrogame.exe0
pfad der fehlerhaften anwendung: Rogame.exe1
pfad des fehlerhaften moduls: Rogame.exe2
berichtskennung: Rogame.exe3
vollständiger name des fehlerhaften pakets: Rogame.exe4
anwendungs-id, die relativ zum fehlerhaften paket ist: Rogame.exe5
error: (07/19/2014 07:15:42 pm) (source: Microsoft-windows-immersive-shell) (eventid: 5973) (user: Flospc)
description: Bei der aktivierung der app „microsoft.freshpaint_8wekyb3d8bbwe!app“ ist folgender fehler aufgetreten: -2144927142. Weitere informationen finden sie im protokoll „microsoft-windows-twinui/betriebsbereit“.
Error: (07/19/2014 07:15:42 pm) (source: Application hang) (eventid: 1002) (user: )
description: Programm freshpaint.exe, version 1.0.12243.1 kann nicht mehr unter windows ausgeführt werden und wurde beendet. überprüfen sie den problemverlauf in der wartungscenter-systemsteuerung, um nach weiteren informationen zum problem zu suchen.
Prozess-id: 9d8
startzeit: 01cfa375007524e7
endzeit: 4294967295
anwendungspfad: C:\program files\windowsapps\microsoft.freshpaint_1.0.12243.1_x86__8wekyb3d8bbwe\freshpaint.exe
berichts-id: 4abe0b91-0f68-11e4-befc-c0d962307ac3
vollständiger name des fehlerhaften pakets: Microsoft.freshpaint_1.0.12243.1_x86__8wekyb3d8bbwe
anwendungs-id, die relativ zum fehlerhaften paket ist: App
error: (07/19/2014 07:15:28 pm) (source: Microsoft-windows-immersive-shell) (eventid: 2486) (user: Flospc)
description: Die app „microsoft.freshpaint_8wekyb3d8bbwe!app“ wurde nicht innerhalb der vorgesehenen zeit gestartet.
Error: (07/12/2014 09:03:55 pm) (source: Application error) (eventid: 1000) (user: )
description: Name der fehlerhaften anwendung: Iw6mp64_ship.exe, version: 1.0.0.1, zeitstempel: 0x53a8be4a
name des fehlerhaften moduls: Iw6mp64_ship.exe, version: 1.0.0.1, zeitstempel: 0x53a8be4a
ausnahmecode: 0xc0000005
fehleroffset: 0x00000000001670aa
id des fehlerhaften prozesses: 0x1b28
startzeit der fehlerhaften anwendung: 0xiw6mp64_ship.exe0
pfad der fehlerhaften anwendung: Iw6mp64_ship.exe1
pfad des fehlerhaften moduls: Iw6mp64_ship.exe2
berichtskennung: Iw6mp64_ship.exe3
vollständiger name des fehlerhaften pakets: Iw6mp64_ship.exe4
anwendungs-id, die relativ zum fehlerhaften paket ist: Iw6mp64_ship.exe5
error: (07/12/2014 04:14:32 pm) (source: Application error) (eventid: 1000) (user: )
description: Name der fehlerhaften anwendung: Tcrdmain_win8.exe, version: 2.0.4.64, zeitstempel: 0x50459b38
name des fehlerhaften moduls: Syncom.dll_unloaded, version: 0.0.0.0, zeitstempel: 0x502d552e
ausnahmecode: 0xc0000005
fehleroffset: 0x000000001002038c
id des fehlerhaften prozesses: 0xd3c
startzeit der fehlerhaften anwendung: 0xtcrdmain_win8.exe0
pfad der fehlerhaften anwendung: Tcrdmain_win8.exe1
pfad des fehlerhaften moduls: Tcrdmain_win8.exe2
berichtskennung: Tcrdmain_win8.exe3
vollständiger name des fehlerhaften pakets: Tcrdmain_win8.exe4
anwendungs-id, die relativ zum fehlerhaften paket ist: Tcrdmain_win8.exe5
error: (07/11/2014 05:57:36 pm) (source: Application error) (eventid: 1000) (user: )
description: Name der fehlerhaften anwendung: Tcrdmain_win8.exe, version: 2.0.4.64, zeitstempel: 0x50459b38
name des fehlerhaften moduls: Syncom.dll_unloaded, version: 0.0.0.0, zeitstempel: 0x502d552e
ausnahmecode: 0xc0000005
fehleroffset: 0x000000001002038c
id des fehlerhaften prozesses: 0x18d8
startzeit der fehlerhaften anwendung: 0xtcrdmain_win8.exe0
pfad der fehlerhaften anwendung: Tcrdmain_win8.exe1
pfad des fehlerhaften moduls: Tcrdmain_win8.exe2
berichtskennung: Tcrdmain_win8.exe3
vollständiger name des fehlerhaften pakets: Tcrdmain_win8.exe4
anwendungs-id, die relativ zum fehlerhaften paket ist: Tcrdmain_win8.exe5
system errors:
=============
error: (08/06/2014 02:23:03 pm) (source: Dcom) (eventid: 10016) (user: Flospc)
description: Anwendungsspezifischlokalaktivierung{b77c4c36-0154-4c52-ab49-faa03837e47f}{ea022610-0748-4c24-b229-6c507ebdfdbb}flospcflorians-1-5-21-2417515031-4054562374-1906131541-1001localhost (unter verwendung von lrpc)nicht verfügbarnicht verfügbar
error: (08/05/2014 10:22:52 pm) (source: Wmpnetworksvc) (eventid: 14319) (user: )
description: Wmpnetworksvc
error: (08/05/2014 05:51:52 pm) (source: Wmpnetworksvc) (eventid: 14319) (user: )
description: Wmpnetworksvc
error: (08/03/2014 10:10:13 pm) (source: Wmpnetworksvc) (eventid: 14319) (user: )
description: Wmpnetworksvc
error: (08/01/2014 10:49:06 pm) (source: Dcom) (eventid: 10010) (user: Flospc)
description: {4545dea0-2dfc-4906-a728-6d986ba399a9}
error: (08/01/2014 10:49:06 pm) (source: Dcom) (eventid: 10010) (user: Flospc)
description: {4545dea0-2dfc-4906-a728-6d986ba399a9}
error: (07/19/2014 07:16:45 pm) (source: Wmpnetworksvc) (eventid: 14319) (user: )
description: Wmpnetworksvc
error: (07/19/2014 07:13:40 pm) (source: Bugcheck) (eventid: 1001) (user: )
description: 0x000000d1 (0x0000000000000024, 0x0000000000000002, 0x0000000000000000, 0xfffff88006fd2c64)c:\windows\memory.dmp071914-19312-01
error: (07/19/2014 07:13:36 pm) (source: Eventlog) (eventid: 6008) (user: )
description: Das system wurde zuvor am 19.07.2014 um 19:12:35 unerwartet heruntergefahren.
Error: (07/18/2014 07:26:36 pm) (source: Wmpnetworksvc) (eventid: 14319) (user: )
description: Wmpnetworksvc
microsoft office sessions:
=========================
error: (08/05/2014 10:40:07 pm) (source: Application hang) (eventid: 1002) (user: )
description: Mbam.exe1.0.0.532d9c01cfb0eaedd45d760c:\program files (x86)\ malwarebytes anti-malware \mbam.exead341d94-1ce0-11e4-beff-c0d962307ac3
error: (08/05/2014 09:43:34 pm) (source: Application hang) (eventid: 1002) (user: )
description: Mbam.exe1.0.0.532e3c01cfb0db5d41fa240c:\program files (x86)\ malwarebytes anti-malware \mbam.exec668da26-1cd8-11e4-befe-c0d962307ac3
error: (08/05/2014 06:10:57 pm) (source: Application hang) (eventid: 1002) (user: )
description: Mbam.exe1.0.0.53217f801cfb0c5e5f027c90c:\program files (x86)\ malwarebytes anti-malware \mbam.exe122f8c49-1cbb-11e4-befe-c0d962307ac3
error: (08/03/2014 09:58:23 pm) (source: Application error) (eventid: 1000) (user: )
description: Rogame.exe0.0.0.053b1a360rogame.exe0.0.0.053b1a360c000000500947554155401cfaf4e1a7d267ec:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exec:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe86018ac9-1b48-11e4-befc-c0d962307ac3
error: (07/19/2014 07:15:42 pm) (source: Microsoft-windows-immersive-shell) (eventid: 5973) (user: Flospc)
description: Microsoft.freshpaint_8wekyb3d8bbwe!app-2144927142
error: (07/19/2014 07:15:42 pm) (source: Application hang) (eventid: 1002) (user: )
description: Freshpaint.exe1.0.12243.19d801cfa375007524e74294967295c:\program files\windowsapps\microsoft.freshpaint_1.0.12243.1_x86__8wekyb3d8bbwe\freshpaint.exe4abe0b91-0f68-11e4-befc-c0d962307ac3microsoft.freshpaint_1.0.12243.1_x86__8wekyb3d8bbweapp
error: (07/19/2014 07:15:28 pm) (source: Microsoft-windows-immersive-shell) (eventid: 2486) (user: Flospc)
description: Microsoft.freshpaint_8wekyb3d8bbwe!app
error: (07/12/2014 09:03:55 pm) (source: Application error) (eventid: 1000) (user: )
description: Iw6mp64_ship.exe1.0.0.153a8be4aiw6mp64_ship.exe1.0.0.153a8be4ac000000500000000001670aa1b2801cf9e03ee8d91a0c:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exec:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe44f4acf6-09f7-11e4-befa-c0d962307ac3
error: (07/12/2014 04:14:32 pm) (source: Application error) (eventid: 1000) (user: )
description: Tcrdmain_win8.exe2.0.4.6450459b38syncom.dll_unloaded0.0.0.0502d552ec0000005000000001002038cd3c01cf9dd97dbd9f8cc:\program files\toshiba\hotkey\tcrdmain_win8.exesyncom.dlld7b48042-09ce-11e4-befa-c0d962307ac3
error: (07/11/2014 05:57:36 pm) (source: Application error) (eventid: 1000) (user: )
description: Tcrdmain_win8.exe2.0.4.6450459b38syncom.dll_unloaded0.0.0.0502d552ec0000005000000001002038c18d801cf9d1ebb07322dc:\program files\toshiba\hotkey\tcrdmain_win8.exesyncom.dll13777755-0914-11e4-befa-c0d962307ac3
codeintegrity errors:
===================================
date: 2013-05-01 23:03:54.847
description: Windows is unable to verify the image integrity of the file \device\harddiskvolume4\windows\syswow64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-05-01 21:19:47.903
description: Windows is unable to verify the image integrity of the file \device\harddiskvolume4\windows\syswow64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== memory info ===========================
percentage of memory in use: 15%
total physical ram: 12239.22 mb
available physical ram: 10393.76 mb
total pagefile: 24527.22 mb
available pagefile: 22656.88 mb
total virtual: 8192 mb
available virtual: 8191.77 mb
==================== drives ================================
drive c: (ti31018700a) (fixed) (total:585.26 gb) (free:141.35 gb) ntfs
==================== mbr & partition table ==================
========================================================
disk: 0 (size: 596 gb) (disk id: 00000000)
partition: Gpt partition type.
==================== end of log ============================