| |
| |||||||
Log-Analyse und Auswertung: Domain und IP beim Systemstart geblockt.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.12.2014, 19:30
| #1 | |
| |  Domain und IP beim Systemstart geblockt. Hey ich habe mir mal das Programm Malwarebytes Anti-Malware geholt. Jetzt kriege ich bei jedem Systemstart eine Meldung, dass die IP "46.161.41.113" und die Domain "cryptexplorer.us" geblockt ist. Und da steht auch noch was mit "wscript.exe". Seht einfach selbst. Meine Frage ist jetzt ist das bösartig ? Und wie könnte ich das dann beheben ? LG Zitat:
|
|
16.12.2014, 19:34
| #2 |
| /// the machine /// TB-Ausbilder    | Domain und IP beim Systemstart geblockt. hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
16.12.2014, 19:40
| #3 |
| | Domain und IP beim Systemstart geblockt. FRST Logfile:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01 Ran by Patrick (administrator) on PATRICK-PC on 16-12-2014 19:36:30 Running from C:\Users\Patrick\Desktop Loaded Profile: Patrick (Available profiles: Patrick & DefaultAppPool) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\schtasks.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-06-03] (Unified Intents AB) HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\MountPoints2: {4d470b33-a6d3-11e2-9dec-806e6f6e6963} - E:\ASRSetup.exe HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\MountPoints2: {a4c68239-dd0e-11e3-96b9-8a9d363b2e54} - G:\Setup.exe HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\MountPoints2: {c40bbfe8-d111-11e3-ad1d-bc5ff4480074} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\MountPoints2: {e0363e24-ab62-11e2-b431-bc5ff4480074} - G:\SETUP.EXE HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [172320 2012-03-12] (Lucidlogix Inc.) AppInit_DLLs-x32: c:\windows\syswow64\appinit_dll.dll => c:\windows\syswow64\appinit_dll.dll [148256 2012-03-12] (Lucidlogix Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = google.de HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.de HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = google.de HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH SearchScopes: HKU\.DEFAULT -> {9CEB372A-13DF-4722-9B2C-09FA4DF10039} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV SearchScopes: HKU\.DEFAULT -> {F734BC60-C21E-4890-AFFC-59A77AA79DB8} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4107735745&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4107735745&q={searchTerms} SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {3E9B7001-3036-492d-BB77-68B0EE72A3AC} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {679ABEC0-BCC4-4817-9536-9B0BD5D02149} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> d:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default FF Homepage: google.de FF NewTab: google.de FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2086523952-4110748753-4211001760-1000: ubisoft.com/uplaypc -> D:\Spiele\Ubisoft Game Launcher\npuplaypc.dll () FF user.js: detected! => C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: iMacros for Firefox - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-01-25] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2014-08-06] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-04] FF HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: Default -> hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE CHR StartupUrls: Default -> "hxxp://google.de/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23] CHR Extension: (Google Wallet) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-04] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-04] (Avira Operations GmbH & Co. KG) R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [480096 2013-04-19] (cFos Software GmbH) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed] R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [1900400 2014-11-06] (Electronic Arts) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-08] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-08] () S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed] S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49560 2012-09-17] (Asmedia Technology) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-13] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. KG) R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-28] (Disc Soft Ltd) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-07-18] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-17] (FNet Co., Ltd.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) U5 Ps2; C:\Windows\System32\Drivers\Ps2.sys [19072 2010-03-18] (Hewlett-Packard Company) [File not signed] S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-16] (Duplex Secure Ltd.) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.) S3 VSPerfDrv100; D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-12-16] () S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 19:36 - 2014-12-16 19:36 - 02119168 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe 2014-12-16 19:36 - 2014-12-16 19:36 - 00027175 _____ () C:\Users\Patrick\Desktop\FRST.txt 2014-12-16 19:36 - 2014-12-16 19:36 - 00000000 ____D () C:\FRST 2014-12-16 19:00 - 2014-12-16 19:00 - 00000334 _____ () C:\Windows\PFRO.log 2014-12-16 19:00 - 2014-12-16 19:00 - 00000056 _____ () C:\Windows\setupact.log 2014-12-16 19:00 - 2014-12-16 19:00 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-16 18:47 - 2014-12-16 18:47 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-16 18:38 - 2014-09-11 08:57 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Patrick\Desktop\procexp.exe 2014-12-12 13:29 - 2014-12-12 13:29 - 00003168 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update 2014-12-12 13:29 - 2014-12-12 13:29 - 00000000 ____D () C:\ProgramData\IObit 2014-12-12 13:29 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll 2014-12-12 13:29 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe 2014-12-12 13:28 - 2014-12-12 13:28 - 00001177 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk 2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\IObit 2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3 2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-12-12 13:28 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys 2014-12-11 15:26 - 2014-12-11 15:26 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-11 15:02 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 15:02 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 16:00 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 16:00 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 16:00 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 16:00 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 16:00 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 16:00 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 16:00 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 16:00 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 16:00 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 16:00 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 16:00 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 16:00 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 16:00 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 16:00 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 16:00 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 16:00 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-10 16:00 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 16:00 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 16:00 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 16:00 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 16:00 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 16:00 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 16:00 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 16:00 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 16:00 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 16:00 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 16:00 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 16:00 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 16:00 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 16:00 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 16:00 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 16:00 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 16:00 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 16:00 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 16:00 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 16:00 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-10 16:00 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 16:00 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 16:00 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 16:00 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 16:00 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 16:00 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 16:00 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 16:00 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 16:00 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 16:00 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 16:00 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 16:00 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 16:00 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 16:00 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 16:00 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 16:00 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 16:00 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 16:00 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 16:00 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 16:00 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 16:00 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 16:00 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 16:00 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 16:00 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 16:00 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 15:59 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 15:59 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 15:59 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 15:59 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 15:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 15:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 15:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 15:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 15:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 15:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 15:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 15:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 15:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 15:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-09 15:01 - 2014-12-09 15:01 - 00000000 ____D () C:\ProgramData\ATI 2014-12-09 15:00 - 2014-12-09 15:00 - 00053736 _____ () C:\Windows\SysWOW64\CCCInstall_201412091500484656.log 2014-12-09 15:00 - 2014-12-09 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-12-09 15:00 - 2014-12-09 15:00 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-12-05 20:04 - 2014-12-05 20:06 - 00000000 ____D () C:\Users\Patrick\Desktop\Login 2014-12-05 16:46 - 2014-12-05 16:46 - 00056720 _____ () C:\Windows\SysWOW64\CCCInstall_201412051646372745.log 2014-12-02 15:45 - 2014-12-02 15:48 - 00000000 ____D () C:\Users\Patrick\Desktop\Programme 2014-12-02 15:10 - 2014-12-16 19:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-02 15:10 - 2014-12-04 22:20 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-02 15:10 - 2014-12-04 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-02 15:10 - 2014-12-04 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-02 15:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-02 15:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-02 15:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-02 13:47 - 2014-12-02 13:47 - 00494968 _____ () C:\Windows\SysWOW64\scrypt140202Pitcairnglg2tc8192w64l4.bin 2014-12-01 19:14 - 2014-12-01 19:14 - 00000000 _____ () C:\Users\Patrick\Desktop\NC27B-KTB2D-7CBPW-PHKXB-88C9R.txt 2014-11-26 18:22 - 2014-11-26 18:22 - 00003128 _____ () C:\Windows\System32\Tasks\Origin 2014-11-21 03:44 - 2014-11-21 03:44 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2014-11-21 03:43 - 2014-11-21 03:43 - 07558816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2014-11-21 03:43 - 2014-11-21 03:43 - 07077776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2014-11-21 03:41 - 2014-11-21 03:41 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys 2014-11-21 03:40 - 2014-11-21 03:40 - 18959360 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2014-11-21 03:33 - 2014-11-21 03:33 - 47899136 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll 2014-11-21 03:33 - 2014-11-21 03:33 - 00235008 _____ () C:\Windows\system32\clinfo.exe 2014-11-21 03:33 - 2014-11-21 03:33 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll 2014-11-21 03:33 - 2014-11-21 03:33 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll 2014-11-21 03:33 - 2014-11-21 03:33 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll 2014-11-21 03:33 - 2014-11-21 03:33 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll 2014-11-21 03:32 - 2014-11-21 03:32 - 40987136 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2014-11-21 03:31 - 2014-11-21 03:31 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-11-21 03:31 - 2014-11-21 03:31 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-11-21 03:24 - 2014-11-21 03:24 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll 2014-11-21 03:19 - 2014-11-21 03:19 - 23621632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll 2014-11-21 03:19 - 2014-11-21 03:19 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll 2014-11-21 03:19 - 2014-11-21 03:19 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll 2014-11-21 03:18 - 2014-11-21 03:18 - 05837312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll 2014-11-21 03:18 - 2014-11-21 03:18 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2014-11-21 03:18 - 2014-11-21 03:18 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2014-11-21 03:17 - 2014-11-21 03:17 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap 2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\Windows\SysWOW64\atiapfxx.blb 2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\Windows\system32\atiapfxx.blb 2014-11-21 03:17 - 2014-11-21 03:17 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2014-11-21 03:17 - 2014-11-21 03:17 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2014-11-21 03:17 - 2014-11-21 03:17 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2014-11-21 03:16 - 2014-11-21 03:16 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll 2014-11-21 03:16 - 2014-11-21 03:16 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2014-11-21 03:16 - 2014-11-21 03:16 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2014-11-21 03:16 - 2014-11-21 03:16 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2014-11-21 03:15 - 2014-11-21 03:15 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll 2014-11-21 03:13 - 2014-11-21 03:13 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap 2014-11-21 03:13 - 2014-11-21 03:13 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2014-11-21 03:13 - 2014-11-21 03:13 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll 2014-11-21 03:12 - 2014-11-21 03:12 - 00774656 _____ (AMD) C:\Windows\system32\atieclxx.exe 2014-11-21 03:12 - 2014-11-21 03:12 - 00244736 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2014-11-21 03:12 - 2014-11-21 03:12 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll 2014-11-21 03:12 - 2014-11-21 03:12 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll 2014-11-21 03:10 - 2014-11-21 03:10 - 00843776 _____ (AMD) C:\Windows\system32\coinst_14.50.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00903168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll 2014-11-21 03:08 - 2014-11-21 03:08 - 00589312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2014-11-21 03:08 - 2014-11-21 03:08 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2014-11-21 03:08 - 2014-11-21 03:08 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2014-11-21 03:08 - 2014-11-21 03:08 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2014-11-20 21:36 - 2014-11-20 21:36 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll 2014-11-20 21:35 - 2014-11-20 21:35 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll 2014-11-19 16:30 - 2014-11-19 16:30 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9 Host.lnk 2014-11-18 20:47 - 2014-11-18 20:47 - 01691816 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL 2014-11-18 20:04 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 20:04 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 20:04 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 20:04 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-17 20:57 - 2014-11-17 20:57 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe 2014-11-17 20:57 - 2014-11-17 20:57 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe 2014-11-17 20:57 - 2014-11-17 20:57 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe 2014-11-17 20:57 - 2014-11-17 20:57 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe 2014-11-17 19:34 - 2014-11-17 19:34 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Steam 2014-11-17 19:30 - 2014-11-17 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15 2014-11-17 19:29 - 2014-11-17 19:36 - 00000000 ____D () C:\Program Files (x86)\Farming Simulator 15 2014-11-17 19:10 - 2014-11-17 19:10 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat 2014-11-17 19:10 - 2014-11-17 19:10 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat 2014-11-17 19:10 - 2014-11-17 19:10 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat 2014-11-17 19:10 - 2014-11-17 19:10 - 00157144 _____ () C:\Windows\system32\ativvsva.dat 2014-11-17 18:52 - 2014-11-21 03:09 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 19:11 - 2014-10-27 16:01 - 00005088 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Patrick-PC-Patrick Patrick-PC 2014-12-16 19:06 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-16 19:06 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-16 19:05 - 2010-11-21 07:50 - 00836188 _____ () C:\Windows\system32\perfh007.dat 2014-12-16 19:05 - 2010-11-21 07:50 - 00199596 _____ () C:\Windows\system32\perfc007.dat 2014-12-16 19:05 - 2009-07-14 06:13 - 01984350 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-16 19:04 - 2013-04-16 21:24 - 01247791 _____ () C:\Windows\WindowsUpdate.log 2014-12-16 19:00 - 2014-11-14 12:35 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2014-12-16 19:00 - 2014-02-17 19:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2c1160eb8ee0.job 2014-12-16 19:00 - 2013-09-03 20:34 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys 2014-12-16 19:00 - 2013-04-17 15:31 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-12-16 19:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-16 18:55 - 2013-09-03 19:34 - 00000000 ____D () C:\Windows\Minidump 2014-12-16 18:55 - 2013-05-26 16:57 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite 2014-12-16 18:55 - 2013-05-07 14:43 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-12-16 18:55 - 2013-04-27 23:40 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\FileZilla 2014-12-16 18:55 - 2013-04-27 22:38 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\TS3Client 2014-12-16 18:55 - 2013-04-19 21:25 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\BitTorrent 2014-12-16 18:55 - 2013-04-16 22:21 - 00000000 ____D () C:\Windows\Panther 2014-12-16 18:50 - 2013-04-17 16:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-16 18:47 - 2014-04-17 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-16 18:47 - 2014-04-17 23:17 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-16 18:46 - 2013-05-08 19:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-16 17:57 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-16 17:34 - 2014-04-16 14:25 - 00000929 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-12-16 17:34 - 2013-07-18 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-12-16 17:34 - 2013-07-18 11:59 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-12-16 17:07 - 2013-04-17 15:31 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-12-15 21:53 - 2013-04-22 17:10 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-12 23:14 - 2014-03-25 13:12 - 00000000 ____D () C:\Users\Patrick\Desktop\Games 2014-12-12 18:52 - 2013-04-17 16:04 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-12 13:47 - 2014-03-31 13:32 - 00000000 ____D () C:\Program Files (x86)\Raptr 2014-12-11 16:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-11 15:26 - 2014-05-08 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-11 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-11 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-11 15:10 - 2013-04-22 17:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-12-11 15:09 - 2013-08-15 20:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 15:04 - 2013-04-17 20:28 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 21:46 - 2013-05-08 19:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-09 21:46 - 2013-05-08 19:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-09 21:46 - 2013-05-08 19:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-09 15:00 - 2014-03-31 13:58 - 00000000 ____D () C:\ProgramData\AMD 2014-12-09 14:59 - 2014-03-31 13:39 - 00000000 ____D () C:\Program Files\AMD 2014-12-09 14:58 - 2014-03-31 13:56 - 00000000 ____D () C:\AMD 2014-12-07 21:30 - 2013-04-17 19:27 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-12-06 20:53 - 2013-05-17 16:17 - 00000000 ____D () C:\Program Files (x86)\Metin2 2014-12-05 16:45 - 2013-10-10 18:12 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-05 13:33 - 2013-10-26 17:08 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\vlc 2014-12-02 15:47 - 2013-09-22 20:57 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\.minecraft 2014-12-02 15:10 - 2013-04-27 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-01 22:18 - 2013-04-22 17:17 - 00000000 ____D () C:\Users\Patrick\Documents\Outlook Files 2014-11-29 18:40 - 2013-11-04 16:54 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Audacity 2014-11-26 18:55 - 2013-04-21 17:45 - 00000000 ____D () C:\Users\Patrick\Documents\My Games 2014-11-26 18:22 - 2013-10-10 17:48 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Origin 2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-21 03:44 - 2014-09-15 23:31 - 11076784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 01348928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2014-11-21 03:43 - 2014-09-15 23:31 - 08379720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2014-11-21 03:43 - 2014-09-15 23:31 - 08369408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2014-11-21 03:12 - 2014-09-15 23:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2014-11-21 03:09 - 2014-09-15 22:59 - 01214976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2014-11-19 16:30 - 2013-04-19 13:36 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2014-11-16 15:45 - 2014-04-04 22:23 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf2c1160eb8ee0 2014-11-16 15:45 - 2013-04-17 16:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA Files to move or delete: ==================== C:\Users\Patrick\AppData\Roaming\Origin\update.vbe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-15 22:33 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Patrick at 2014-12-16 19:36:51
Running from C:\Users\Patrick\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
ActiveState ActivePython 2.7.6.9 (32-bit) (HKLM-x32\...\{B6FB74C1-B37C-44BC-A1C7-38B8DB3FC996}) (Version: 2.7.9 - ActiveState Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
Akamai NetSession Interface (HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcatech BPM Studio Professional v4.9.1 (HKLM-x32\...\Alcatech BPM Studio Professional v4.9.1) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.9.000 - Asmedia Technology)
Assassin's Creed III (HKLM-x32\...\Assassin's Creed III_is1) (Version: - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Avira Internet Security 13.0.1 1.00 (HKLM-x32\...\Avira Internet Security 13.0.1 1.00) (Version: 1.00 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0F05}) (Version: 12.15.5.1034 - APN, LLC)
Avira Ultimate Protection Suite (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Call of Duty Black Ops 2 (HKLM-x32\...\{47D6F3E4-D158-4E47-84C4-0D6452DB2488}_is1) (Version: 1.0 - Treyarch)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games)
Camtasia Studio 8 (HKLM-x32\...\{8F6F7194-0734-4CDA-8C04-6B766F2241A6}) (Version: 8.0.4.1060 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
cFosSpeed v9.04 (HKLM\...\cFosSpeed) (Version: 9.04 - cFos Software GmbH, Bonn)
Counter Strike Source v1807769-=AviaRa=- 1807769 (HKLM-x32\...\Counter Strike Source v1807769-=AviaRa=- 1807769) (Version: - )
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
CPUID CPU-Z 1.64.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
CrystalDiskInfo 6.1.12 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Dll-Files.com Fixer (HKLM-x32\...\Dll-Files.com Fixer_is1) (Version: 1.0 - Dll-Files.com)
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dr. Hardware 2014 14.0d (HKLM-x32\...\Dr. Hardware 2014_is1) (Version: - Peter A. Gebhard)
Dropbox (HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Farming Simulator 15 (HKLM-x32\...\Farming Simulator 15_is1) (Version: - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Granny Viewer 2.9.1.0 (HKLM-x32\...\Granny Viewer_is1) (Version: 2.9.1.0 - RAD Game Tools, Inc.)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Hotfix für Microsoft Team Foundation Server 2010-Objektmodell - DEU (KB2890573) (HKLM-x32\...\{A1F50E06-E514-393D-AAEB-2F989F0B7C68}.KB2890573) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2529927) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2529927) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2548139) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2548139) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2549864) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2549864) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2635973) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2635973) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2890573) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2890573) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB3002340) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB3002340) (Version: 1 - Microsoft Corporation)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HxD Hex Editor Version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ICQ 8.2 (build 7033) (HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\ICQ) (Version: 8.2.7033.0 - ICQ)
IDA Pro Free v5.0 (HKLM-x32\...\IDA Pro Free_is1) (Version: - Hex-Rays SA)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}) (Version: 3.0.30.1526 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
L7500 (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version: - Gameforge 4D GmbH)
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - )
Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM-x32\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - German/Deutsch (HKLM\...\Office15.OMUI.de-de) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office ScreenTip Language 2013 - Deutsch (HKLM\...\{90150000-00BD-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{803910CC-3A39-45E3-A594-0D5512A60A86}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst (HKLM-x32\...\{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}) (Version: 10.50.1752.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (HKLM-x32\...\{919E5477-D20B-4F64-AE8B-8199469F7817}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt (HKLM-x32\...\{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{0D432429-C79C-462D-ABD8-4D82B83A954B}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (HKLM\...\{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 de (HKLM-x32\...\{08DA8E46-ED67-451A-9246-50E0FF6959C9}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (HKLM\...\{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (HKLM\...\{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{95A2AD24-BD44-3E39-A31F-CE928276577E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{681F4E9F-34E0-36BD-BF2C-100554E403A5}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - DEU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 21.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PremiumSoft Navicat Premium 8.2 (HKLM-x32\...\PremiumSoft Navicat Premium 8.2_is1) (Version: - PremiumSoft CyberTech Ltd.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rapoo 9200 Mouse Driver V1.0 (HKLM-x32\...\{47491961-C944-4FD9-A023-33C6E724F108}_is1) (Version: - Rapoo Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Setup - Far Cry 4 ... (HKLM-x32\...\Setup - Far Cry 4 ...) (Version: ... - Ubisoft Entertainment)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sicherheitsupdate für Microsoft Visual Studio 2010 Ultimate - DEU (KB2645410) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2645410) (Version: 1 - Microsoft Corporation)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.1 - PcWinTech.com)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SL-6640-SBK BLACK WIDOW Flightstick (HKLM-x32\...\SL-6640-SBK BLACK WIDOW Flightstick) (Version: - )
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SoundWire Server version 1.9 (HKLM-x32\...\{E15658BC-7742-4397-999F-98B1BD11B784}_is1) (Version: 1.9 - GeorgieLabs)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Stronghold 3_is1) (Version: - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 Host (HKLM-x32\...\TeamViewer 9 Host) (Version: 9.0.32494 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unified Remote (HKLM-x32\...\{BD96B1DF-2A2E-4ED1-B255-F8050DEB1B3D}) (Version: 2.14.2.0 - Unified Remote)
Unlock iPhones 2014 (HKLM-x32\...\{59C7913E-BA93-453A-934A-42DB1033D7CC}) (Version: 1.0.0 - Default Company Name)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VIRTU MVP 2.1.111 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.111 - Lucidlogix Technologies LTD)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wichtiges Update für Microsoft Visual Studio 2010 Ultimate - DEU (KB2938807) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2938807) (Version: 1 - Microsoft Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - ASMedia Technology Inc (asmthub3) USB (11/08/2012 1.16.4.0) (HKLM\...\433FA14824FC24A26F5C2A3B0303B3F900988A7C) (Version: 11/08/2012 1.16.4.0 - ASMedia Technology Inc)
Windows-Treiberpaket - ASMedia Technology Inc (asmtxhci) USB (11/08/2012 1.16.4.0) (HKLM\...\DBA9B4CEAAE216FEE7D4777F71164BD1A6348E19) (Version: 11/08/2012 1.16.4.0 - ASMedia Technology Inc)
Windows-Treiberpaket - Intel System (10/05/2012 9.3.0.1025) (HKLM\...\E7B98C2828F3C31E78B2C9A76FBE608F4FEAC106) (Version: 10/05/2012 9.3.0.1025 - Intel)
Windows-Treiberpaket - Intel System (10/05/2012 9.3.0.1025) (HKLM\...\FD8010D338E1868862DA3B2DAB6DD068901181BF) (Version: 10/05/2012 9.3.0.1025 - Intel)
Windows-Treiberpaket - Intel System (11/01/2012 9.3.0.1026) (HKLM\...\313D564779CBE3AB8B9BE19D959E7674440478F1) (Version: 11/01/2012 9.3.0.1026 - Intel)
Windows-Treiberpaket - Intel USB (10/05/2012 9.3.0.1025) (HKLM\...\9798D0FCBDB5B9FED39F9B97EB0C2C1DE212302D) (Version: 10/05/2012 9.3.0.1025 - Intel)
Windows-Treiberpaket - Intel(R) Corporation (IntcDAud) MEDIA (01/11/2013 6.16.00.3106) (HKLM\...\45DB36C33F63D7666C301EE7BC05CD208E67A826) (Version: 01/11/2013 6.16.00.3106 - Intel(R) Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version: - )
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {11F6D709-DDEC-48CA-95F5-1BA37352EA7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {1988B497-5871-4181-B805-921C5F48ECCF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1A1CC80F-3572-4CE6-9C35-5DCB1B46B059} - System32\Tasks\{7A786F43-AF8E-4E1A-AF0A-C78E6148A8F1} => C:\Users\Patrick\Desktop\SimCity 2013 Crack\Patcher.exe
Task: {206EDE1A-5BF9-4D5A-A673-13E2523C9D8A} - \AutoKMS No Task File <==== ATTENTION
Task: {3251BF74-A47F-4FF8-9952-13227EC74079} - System32\Tasks\{1D8FC8CE-B5D2-417D-8341-7A56F1B6009C} => pcalua.exe -a D:\Downloads\VirtualBox-4.2.16-86992-Win.exe -d D:\Downloads
Task: {33D1DD84-2D87-434E-9582-39741AD4A259} - System32\Tasks\{AC7FCBF7-8F64-4D96-A28B-1EC2EC065C5F} => D:\Spiele\Call of Duty Black Ops 2\t6mp.exe [2013-08-02] (Activision Publishing Inc.)
Task: {3DAEB310-C188-4F66-9D47-050ADD1407C5} - System32\Tasks\{1D30E3CE-761F-41D9-BD0F-B8C360267587} => C:\Users\Patrick\Desktop\SimCity 2013 Crack\Patcher.exe
Task: {3E3CC7EA-9BE2-4640-AA60-7B5B54E221CA} - System32\Tasks\{9374FDA9-F0C6-4F6F-BA95-35ED2E75F896} => C:\Users\Patrick\Desktop\SimCity 2013 Crack\Patcher.exe
Task: {45E139D3-FB30-42A1-BF4F-0F15B4116520} - System32\Tasks\{B8F54EC5-8038-40C3-BB9A-9E1BA171729B} => pcalua.exe -a "D:\Spiele\Call of Duty Black Ops 2\redist\vcredist_x86.exe" -d "D:\Spiele\Call of Duty Black Ops 2\redist"
Task: {46EB5054-EEF4-4252-BD5D-B2F7DA5766B4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4730C17D-D704-405A-AC23-6B8D7A609DFD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4CA8D63E-082D-4676-865B-8081D1277DB2} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2c1160eb8ee0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17] (Google Inc.)
Task: {5467D159-A1B2-4282-B7F2-5AD8B45A2D17} - System32\Tasks\{AD237AEE-75ED-48A2-BC5E-82FC2DAF85C4} => pcalua.exe -a C:\Users\Patrick\Desktop\Setup_Full_Registered.exe -d C:\Users\Patrick\Desktop
Task: {555C8E00-9E62-43F6-AC65-B337E0602F61} - System32\Tasks\{944174C8-05D4-4748-8C6F-3B2831ACBDFF} => pcalua.exe -a D:\Downloads\WinSetupFromUSB-0.1.1.exe -d D:\Downloads
Task: {651FD100-3926-4EEC-A446-E4DDE026ABC9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {691CDA1A-24C2-4DFB-ABE8-0317332BDD2A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {70A635C7-3B95-48C0-BBFA-500BF129A5FA} - System32\Tasks\{0363427D-3329-47D2-806A-B7B0979B6D48} => pcalua.exe -a "C:\GOG Games\Stronghold Crusader Extreme HD\Language Setup.exe" -d "C:\GOG Games\Stronghold Crusader Extreme HD"
Task: {759C2F7F-7418-4509-A61B-4F87B48D4B83} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Patrick-PC-Patrick Patrick-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {7DF05452-F441-4D33-9B37-9905A9F5520B} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {8325AF55-C42F-459F-A7E0-E7461A56C397} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {87910BEE-FF24-4C4B-BAD6-2EB05BDB8FB5} - System32\Tasks\{8CB22F2B-EFE1-4877-BDF8-70EF0CF08227} => C:\Users\Patrick\Desktop\SimCity 2013 Crack\Patcher.exe
Task: {88F610A8-C78F-40D1-BE1A-F33317E79926} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles Updater\GFFUpdater.exe <==== ATTENTION
Task: {A36F1CDB-E916-4A31-9029-6CEB1DA8EABA} - System32\Tasks\Origin => C:\Users\Patrick\AppData\Roaming\Origin\update.vbe [2014-11-26] () <==== ATTENTION
Task: {B1021D9A-DD13-4040-9BEC-19FC3089A117} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B7996505-8833-4E6F-AED4-B9BF3244D7B9} - System32\Tasks\{E84E21C8-0013-40C8-B23C-4E20F74077F6} => C:\Users\Patrick\Desktop\SimCity 2013 Crack\Patcher.exe
Task: {B8329FF4-2582-47EE-A848-5D4F88E2FE95} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {BA5871F4-BBA1-4A9F-BCFD-806F4878E235} - System32\Tasks\{D0149319-D3A3-40EB-AE48-FEA9A36E9562} => pcalua.exe -a D:\Downloads\VirtualBox-4.2.14-86644-Win.exe -d D:\Downloads
Task: {C18AF1E1-D42E-49F5-A414-7F2C96420A05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17] (Google Inc.)
Task: {C63BDCB0-2E5E-43CC-9E6E-CAEDB4F3E100} - System32\Tasks\{0A493453-36E0-4BA8-92A9-1A6D065FD9F6} => pcalua.exe -a C:\WinSetupFromUSB\Uninstall.exe -d C:\WinSetupFromUSB
Task: {C77D9A11-2B41-4DD1-B5E9-854EBD9E51E0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {C8C9E3FC-0105-4A45-9EC8-6957B10CBA38} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {D9B12E66-E8FC-426E-9C06-A5EB8AE5EF60} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E1236DA6-7478-49C0-B331-3636C83716BE} - System32\Tasks\{4DFA489D-FBEF-4286-85D6-196A78FF06C8} => F:\FR2\PackIndexReader.exe
Task: {E128A127-A57B-4A08-B1AD-5E11AE3C766B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {EF148C18-28CE-4578-877F-11411FA49E91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17] (Google Inc.)
Task: {F9D15FE7-1B45-45FA-9F7F-801A67D9E529} - System32\Tasks\{7F34700C-C8E3-4B88-9512-B9E193281DE3} => F:\FR2\PackIndexReader.exe
Task: {FB98296A-E56C-4EDA-A559-74A07838D83C} - System32\Tasks\DLL-files.com Fixer_UPDATES => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-05-25] (Dll-FIles.Com)
Task: {FFD9BAE8-4395-4601-9B59-FF680354AB87} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2c1160eb8ee0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\KMS Activation.job => C:\Program Files\KMSpico\RandomFile.exe
==================== Loaded Modules (whitelisted) =============
2013-04-17 15:35 - 2011-05-19 08:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-04-17 15:31 - 2012-02-07 16:27 - 00121344 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-07-24 09:43 - 2012-07-24 09:43 - 00146984 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-07-24 09:43 - 2012-07-24 09:43 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-11-08 02:58 - 2014-11-08 02:57 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-08-13 15:09 - 2014-08-13 15:09 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-12-12 18:52 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 18:52 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 18:52 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 18:52 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-10-16 13:02 - 2014-10-16 13:02 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\38485cf51c91ff758c145158360bbb97\IsdiInterop.ni.dll
2013-04-17 15:29 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-03 20:36 - 2013-01-23 21:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-12 18:52 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Guard.Mail.ru => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: ICQ Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopWeatherAlerts.lnk => C:\Windows\pss\DesktopWeatherAlerts.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
MSCONFIG\startupreg: cFosSpeed => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DriverFinder => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
MSCONFIG\startupreg: Guard.Mail.ru.gui => "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ICQ => C:\Users\Patrick\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Patrick\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Rapoo 9200 => C:\Program Files (x86)\Rapoo\9200\9200_Mouse.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
MSCONFIG\startupreg: Unified Remote v2 => C:\Program Files (x86)\Unified Remote\RemoteServer.exe
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: VIRTU MVP => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
MSCONFIG\startupreg: VirtualCloneDrive => "D:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
MSCONFIG\startupreg: XFastUSB => "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-2086523952-4110748753-4211001760-500 - Administrator - Disabled)
Gast (S-1-5-21-2086523952-4110748753-4211001760-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2086523952-4110748753-4211001760-1023 - Limited - Enabled)
Patrick (S-1-5-21-2086523952-4110748753-4211001760-1000 - Administrator - Enabled) => C:\Users\Patrick
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Officejet Pro L7500
Description: Officejet Pro L7500
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/16/2014 07:01:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 11.0.0.0, Zeitstempel: 0x52a8d15d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x000007fe92d90560
ID des fehlerhaften Prozesses: 0xdb0
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3
Error: (12/16/2014 07:01:11 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize Net Detect: Error Loading PROSet Library Error=0x2\n
Error: (12/16/2014 07:00:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 06:28:10 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize Net Detect: Error Loading PROSet Library Error=0x2\n
Error: (12/16/2014 06:28:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 06:26:20 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: Ein kritischer Systemprozess C:\Windows\system32\lsass.exe ist fehlgeschlagen mit den Statuscode 1. Der Computer muss neu gestartet werden.
Error: (12/16/2014 06:01:30 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize Net Detect: Error Loading PROSet Library Error=0x2\n
Error: (12/16/2014 06:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 05:58:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 05:34:10 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize Net Detect: Error Loading PROSet Library Error=0x2\n
System errors:
=============
Error: (12/16/2014 07:01:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (12/16/2014 07:01:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (12/16/2014 07:01:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (12/16/2014 07:01:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (12/16/2014 07:01:31 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (12/16/2014 07:01:31 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (12/16/2014 07:01:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/16/2014 07:01:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (12/16/2014 07:01:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (12/16/2014 07:01:15 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Microsoft Office Sessions:
=========================
Error: (12/16/2014 07:01:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.00000000000000000000007fe92d90560db001d0195a2f0117fcC:\Program Files\KMSpico\Service_KMS.exeunknown860cd6be-854d-11e4-be37-bc5ff4480074
Error: (12/16/2014 07:01:11 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize Net Detect: Error Loading PROSet Library Error=0x2\n
Error: (12/16/2014 07:00:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 06:28:10 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize Net Detect: Error Loading PROSet Library Error=0x2\n
Error: (12/16/2014 06:28:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 06:26:20 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\Windows\system32\lsass.exe1
Error: (12/16/2014 06:01:30 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize Net Detect: Error Loading PROSet Library Error=0x2\n
Error: (12/16/2014 06:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 05:58:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 05:34:10 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize Net Detect: Error Loading PROSet Library Error=0x2\n
CodeIntegrity Errors:
===================================
Date: 2014-08-11 01:05:21.608
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-27 15:30:37.394
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_be0f60ea19636b51\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-27 15:30:37.357
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_be0f60ea19636b51\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-27 15:30:37.315
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_be0f60ea19636b51\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-27 15:18:32.671
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-27 15:18:32.632
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-27 15:18:32.594
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-27 15:18:32.524
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-27 15:18:32.487
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-27 15:18:32.449
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8074.79 MB
Available physical RAM: 5531.69 MB
Total Pagefile: 16264.97 MB
Available Pagefile: 12799.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (SSD) (Fixed) (Total:119.14 GB) (Free:13.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HDD) (Fixed) (Total:457.95 GB) (Free:66.83 GB) NTFS
Drive e: (Musik) (Fixed) (Total:465.76 GB) (Free:408.12 GB) NTFS
Drive f: (HDD 2) (Fixed) (Total:465.76 GB) (Free:379.36 GB) NTFS
Drive k: (USB) (Removable) (Total:29.8 GB) (Free:9.04 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 9072FFB5)
Partition 1: (Active) - (Size=119.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4819ACBA)
Partition 1: (Active) - (Size=457.9 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8DC07013)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9623E925)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Geändert von Patty1998 (16.12.2014 um 19:45 Uhr) |
|
16.12.2014, 21:57
| #4 |
| /// the machine /// TB-Ausbilder | Domain und IP beim Systemstart geblockt. hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.12.2014, 18:59
| #5 |
| | Domain und IP beim Systemstart geblockt. Hier die ComboFix.txt: Code:
ATTFilter ComboFix 14-12-14.01 - Patrick 17.12.2014 18:47:33.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8075.5962 [GMT 1:00]
ausgeführt von:: c:\users\Patrick\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service KMSELDI
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-11-17 bis 2014-12-17 ))))))))))))))))))))))))))))))
.
.
2014-12-16 18:36 . 2014-12-16 18:37 -------- d-----w- C:\FRST
2014-12-16 16:58 . 2014-12-16 16:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE27BD6E-C473-4DD2-A959-907BB63CFB12}\offreg.dll
2014-12-16 15:05 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE27BD6E-C473-4DD2-A959-907BB63CFB12}\mpengine.dll
2014-12-12 12:29 . 2014-06-04 14:17 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-12-12 12:29 . 2014-12-12 12:29 -------- d-----w- c:\programdata\IObit
2014-12-12 12:29 . 2014-06-04 14:17 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-12-12 12:28 . 2014-06-04 14:17 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-12-12 12:28 . 2014-12-12 12:28 -------- d-----w- c:\program files (x86)\IObit
2014-12-12 12:28 . 2014-12-12 12:28 -------- d-----w- c:\users\Patrick\AppData\Roaming\IObit
2014-12-11 14:26 . 2014-12-11 14:26 -------- d-----w- c:\windows\system32\appraiser
2014-12-11 14:02 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-11 14:02 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-10 14:59 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-09 14:01 . 2014-12-09 14:01 -------- d-----w- c:\programdata\ATI
2014-12-09 14:00 . 2014-12-09 14:00 -------- d-----w- c:\program files (x86)\AMD
2014-12-02 14:10 . 2014-12-17 17:51 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-02 14:10 . 2014-12-04 21:20 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-12-02 14:10 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-02 14:10 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-02 14:10 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-02 12:47 . 2014-12-02 12:47 494968 ----a-w- c:\windows\SysWow64\scrypt140202Pitcairnglg2tc8192w64l4.bin
2014-12-01 18:15 . 2014-12-01 18:15 -------- d-----w- c:\users\Patrick\AppData\Local\Akamai
2014-11-26 09:04 . 2014-11-26 09:04 3009208 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1031\MSOINTL.DLL
2014-11-25 14:23 . 2014-11-25 14:23 81234104 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-11-25 14:23 . 2014-11-25 14:23 26373816 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-11-25 14:20 . 2014-11-25 14:20 3643584 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-11-25 14:20 . 2014-11-25 14:20 81234104 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-11-25 14:20 . 2014-11-25 14:20 654512 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-11-25 14:20 . 2014-11-25 14:20 36827832 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-11-24 13:06 . 2014-11-24 13:06 -------- d-sh--w- c:\users\Patrick\AppData\Local\EmieBrowserModeList
2014-11-21 02:44 . 2014-11-21 02:44 128384 ----a-w- c:\windows\system32\amdhcp64.dll
2014-11-21 02:44 . 2014-11-21 02:44 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-11-21 02:44 . 2014-11-21 02:44 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-11-21 02:44 . 2014-11-21 02:44 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-11-21 02:44 . 2014-11-21 02:44 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-11-21 02:44 . 2014-11-21 02:44 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-11-21 02:44 . 2014-11-21 02:44 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-11-21 02:43 . 2014-11-21 02:43 7558816 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-11-21 02:43 . 2014-11-21 02:43 7077776 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-11-21 02:41 . 2014-11-21 02:41 294600 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-11-21 02:40 . 2014-11-21 02:40 18959360 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-11-21 02:33 . 2014-11-21 02:33 235008 ----a-w- c:\windows\system32\clinfo.exe
2014-11-21 02:33 . 2014-11-21 02:33 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-11-21 02:33 . 2014-11-21 02:33 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-11-21 02:33 . 2014-11-21 02:33 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-11-21 02:33 . 2014-11-21 02:33 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-11-21 02:33 . 2014-11-21 02:33 47899136 ----a-w- c:\windows\system32\amdocl64.dll
2014-11-21 02:32 . 2014-11-21 02:32 40987136 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-11-21 02:31 . 2014-11-21 02:31 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-11-21 02:31 . 2014-11-21 02:31 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-11-21 02:24 . 2014-11-21 02:24 28354560 ----a-w- c:\windows\system32\atio6axx.dll
2014-11-21 02:19 . 2014-11-21 02:19 23621632 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-11-21 02:19 . 2014-11-21 02:19 49664 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-11-21 02:19 . 2014-11-21 02:19 38912 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-11-21 02:18 . 2014-11-21 02:18 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-11-21 02:18 . 2014-11-21 02:18 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-11-21 02:18 . 2014-11-21 02:18 5837312 ----a-w- c:\windows\system32\amdmantle64.dll
2014-11-21 02:17 . 2014-11-21 02:17 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2014-11-21 02:17 . 2014-11-21 02:17 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-11-21 02:17 . 2014-11-21 02:17 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-11-21 02:16 . 2014-11-21 02:16 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-11-21 02:16 . 2014-11-21 02:16 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-11-21 02:16 . 2014-11-21 02:16 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-11-21 02:16 . 2014-11-21 02:16 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-11-21 02:15 . 2014-11-21 02:15 4590592 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-11-21 02:13 . 2014-11-21 02:13 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-11-21 02:13 . 2014-11-21 02:13 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-11-21 02:12 . 2014-11-21 02:12 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-11-21 02:12 . 2014-11-21 02:12 774656 ----a-w- c:\windows\system32\atieclxx.exe
2014-11-21 02:12 . 2014-11-21 02:12 244736 ----a-w- c:\windows\system32\atiesrxx.exe
2014-11-21 02:12 . 2014-11-21 02:12 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-11-21 02:10 . 2014-11-21 02:10 843776 ----a-w- c:\windows\system32\coinst_14.50.dll
2014-11-21 02:09 . 2014-11-21 02:09 95744 ----a-w- c:\windows\system32\amdave64.dll
2014-11-21 02:09 . 2014-11-21 02:09 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-11-21 02:09 . 2014-11-21 02:09 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-11-21 02:09 . 2014-11-21 02:09 903168 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-11-21 02:09 . 2014-11-21 02:09 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-11-21 02:09 . 2014-11-21 02:09 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-11-21 02:09 . 2014-11-21 02:09 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-11-21 02:08 . 2014-11-21 02:08 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-11-21 02:08 . 2014-11-21 02:08 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-11-21 02:08 . 2014-11-21 02:08 589312 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-11-21 02:08 . 2014-11-21 02:08 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-11-20 20:36 . 2014-11-20 20:36 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-11-20 20:35 . 2014-11-20 20:35 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-11-18 19:51 . 2014-11-18 19:51 5681880 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-11-18 19:51 . 2014-11-18 19:51 5387456 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-11-18 19:47 . 2014-11-18 19:47 2226848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL
2014-11-18 19:47 . 2014-11-18 19:47 7765720 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-11-18 19:47 . 2014-11-18 19:47 7536832 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-11-18 19:47 . 2014-11-18 19:47 1691816 ----a-w- c:\windows\system32\FM20.DLL
2014-11-18 19:04 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 19:04 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 19:04 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-18 19:04 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-17 19:57 . 2014-11-17 19:57 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2014-11-17 19:57 . 2014-11-17 19:57 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2014-11-17 19:57 . 2014-11-17 19:57 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2014-11-17 19:57 . 2014-11-17 19:57 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2014-11-17 18:34 . 2014-11-17 18:34 -------- d-----w- c:\users\Patrick\AppData\Roaming\Steam
2014-11-17 18:29 . 2014-11-17 18:36 -------- d-----w- c:\program files (x86)\Farming Simulator 15
2014-11-17 17:52 . 2014-11-21 02:09 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-17 17:50 . 2014-11-14 11:35 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2014-12-17 17:50 . 2013-09-03 19:34 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2014-12-11 14:04 . 2013-04-17 19:28 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-09 20:46 . 2013-05-08 18:30 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 20:46 . 2013-05-08 18:30 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-24 13:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-21 02:44 . 2014-09-15 22:31 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-11-21 02:44 . 2014-09-15 22:31 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-11-21 02:44 . 2014-09-15 22:31 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2014-11-21 02:44 . 2014-09-15 22:31 1348928 ----a-w- c:\windows\system32\aticfx64.dll
2014-11-21 02:44 . 2014-09-15 22:31 1127496 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-11-21 02:44 . 2014-09-15 22:31 11076784 ----a-w- c:\windows\system32\atidxx64.dll
2014-11-21 02:44 . 2014-09-15 22:31 9401480 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-11-21 02:43 . 2014-09-15 22:31 8379720 ----a-w- c:\windows\system32\atiumd6a.dll
2014-11-21 02:43 . 2014-09-15 22:31 8369408 ----a-w- c:\windows\system32\atiumd64.dll
2014-11-21 02:12 . 2014-09-15 22:03 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-11-21 02:09 . 2014-09-15 21:59 1214976 ----a-w- c:\windows\system32\atiadlxx.dll
2014-11-12 18:08 . 2013-08-17 22:06 2492672 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2014-11-11 17:08 . 2013-07-31 18:19 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-11-11 17:08 . 2013-04-26 21:07 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-11-08 01:57 . 2014-11-08 01:58 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-11-08 00:00 . 2013-07-31 18:19 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-11-07 22:51 . 2013-04-27 11:22 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-10-25 01:57 . 2014-11-12 15:54 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 15:54 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-22 15:56 . 2014-10-22 15:20 304 ----a-r- c:\windows\del_temp.bat
2014-10-18 02:05 . 2014-11-12 15:54 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 15:54 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 15:55 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 15:55 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 15:54 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 15:55 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 15:55 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 15:55 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 15:55 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 15:54 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 15:55 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 15:55 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 15:55 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 15:54 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-12 15:54 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 15:54 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 15:54 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 15:54 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 15:54 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 15:54 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 15:54 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 15:54 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-10-01 14:20 . 2014-06-13 15:44 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-01 14:20 . 2014-06-13 15:44 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-01 14:20 . 2014-06-13 15:44 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-25 02:08 . 2014-10-01 14:25 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 14:25 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-19 09:42 . 2014-11-12 15:54 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:42 . 2014-11-12 15:54 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:42 . 2014-11-12 15:54 342016 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:42 . 2014-11-12 15:54 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-19 09:42 . 2014-11-12 15:54 309760 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:42 . 2014-11-12 15:54 22016 ----a-w- c:\windows\system32\credssp.dll
2014-09-19 09:23 . 2014-11-12 15:54 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-09-19 09:23 . 2014-11-12 15:54 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23 . 2014-11-12 15:54 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2014-09-19 09:23 . 2014-11-12 15:54 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23 . 2014-11-12 15:54 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23 . 2014-11-12 15:54 17408 ----a-w- c:\windows\SysWow64\credssp.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2014-06-03 333008]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-04 702768]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 Origin Client Service;Origin Client Service;d:\spiele\Origin\OriginClientService.exe;d:\spiele\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys;c:\windows\SYSNATIVE\drivers\ren2cap.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;d:\programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys;c:\windows\SYSNATIVE\drivers\DRHARD64.sys [x]
S2 DRHMSR64;DRHMSR64;c:\windows\system32\drivers\DRHMSR64.sys;c:\windows\SYSNATIVE\drivers\DRHMSR64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 17:50 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-08 20:46]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf2c1160eb8ee0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 15:02]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 15:02]
.
2014-12-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2014-12-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = google.de
mDefault_Search_URL = about:blank
mDefault_Page_URL = google.de
mStart Page = google.de
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 609553bf00000000000002004c4f4f50
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15968
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.613:20
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=124765&tt=160913_c1&tsp=5011
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3,
35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}"=hex:51,66,7a,6c,4c,1d,38,12,64,8d,5a,
d4,85,0b,c0,07,d6,bc,e8,e4,66,85,97,ab
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:34,f8,83,60,94,42,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,c4,43,d6,60,20,95,44,97,e3,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,c4,43,d6,60,20,95,44,97,e3,f3,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe
c:\windows\system32\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-17 18:53:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-12-17 17:53
.
Vor Suchlauf: 17 Verzeichnis(se), 14.118.645.760 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 13.510.094.848 Bytes frei
.
- - End Of File - - 861B684AAE8E2C92E0274C2A6F9B4819
|
|
18.12.2014, 20:23
| #6 |
| /// the machine /// TB-Ausbilder | Domain und IP beim Systemstart geblockt. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Domain und IP beim Systemstart geblockt. |
|
19.12.2014, 14:01
| #7 |
| | Domain und IP beim Systemstart geblockt. mbam.txt : Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.12.2014 Suchlauf-Zeit: 13:36:17 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.19.04 Rootkit Datenbank: v2014.12.14.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Patrick Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 419265 Verstrichene Zeit: 7 Min, 30 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Patrick on 19.12.2014 at 13:52:33,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Patrick\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\dll-files.com fixer"
~~~ FireFox
Successfully deleted: [File] C:\Users\Patrick\AppData\Roaming\mozilla\firefox\profiles\m0loj50j.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted: [Folder] C:\Users\Patrick\AppData\Roaming\mozilla\firefox\profiles\m0loj50j.default\extensions\staged
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.12.2014 at 13:54:21,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 19/12/2014 um 13:48:45
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Local]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Patrick - PATRICK-PC
# Gestartet von : C:\Users\Patrick\Desktop\AdwCleaner_4.105.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\drivergenius
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius
Ordner Gelöscht : C:\Program Files (x86)\iSafe
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Ordner Gelöscht : C:\Users\Patrick\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\eCyber
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\iSafe
Ordner Gelöscht : C:\Users\Patrick\Desktop\drivergenius
Datei Gelöscht : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log
Datei Gelöscht : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default\user.js
Datei Gelöscht : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Datei Gelöscht : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
***** [ Tasks ] *****
Task Gelöscht : GoforFilesUpdate
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaacalgebmfelllfiaoknifldpngjh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKCU\Software\GoforFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\Driver-Soft
Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v21.0 (de)
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.admin", false);
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.id", "609553bf00000000000002004c4f4f50");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlDay", "15968");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.newTab", false);
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.613:20:42");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=124765&tt=160913_c1&tsp=5011");
[m0loj50j.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
-\\ Google Chrome v39.0.2171.95
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=7ecb2959-b281-4698-b324-5ee619f46dad&apn_ptnrs=%5EAGS&apn_sauid=71F3B946-2744-4491-8F08-9C95B425ABBA&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=7ecb2959-b281-4698-b324-5ee619f46dad&apn_ptnrs=%5EAGS&apn_sauid=71F3B946-2744-4491-8F08-9C95B425ABBA&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=609502004C4F4F50&affID=124765&tt=160913_c1&tsp=5011
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC2EDB606-0A62-4614-BC56-B17DD340F875&SearchSource=58&CUI=&UM=5&UP=SPB10C3EFE-384A-4F97-861A-62C74BE808C1&q={searchTerms}&SSPV=
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC2EDB606-0A62-4614-BC56-B17DD340F875&SearchSource=58&CUI=&UM=5&UP=SPB10C3EFE-384A-4F97-861A-62C74BE808C1&q={searchTerms}&SSPV=
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
-\\ Chromium v
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=7ecb2959-b281-4698-b324-5ee619f46dad&apn_ptnrs=%5EAGS&apn_sauid=71F3B946-2744-4491-8F08-9C95B425ABBA&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=7ecb2959-b281-4698-b324-5ee619f46dad&apn_ptnrs=%5EAGS&apn_sauid=71F3B946-2744-4491-8F08-9C95B425ABBA&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=609502004C4F4F50&affID=124765&tt=160913_c1&tsp=5011
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC2EDB606-0A62-4614-BC56-B17DD340F875&SearchSource=58&CUI=&UM=5&UP=SPB10C3EFE-384A-4F97-861A-62C74BE808C1&q={searchTerms}&SSPV=
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC2EDB606-0A62-4614-BC56-B17DD340F875&SearchSource=58&CUI=&UM=5&UP=SPB10C3EFE-384A-4F97-861A-62C74BE808C1&q={searchTerms}&SSPV=
[C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
*************************
AdwCleaner[R0].txt - [7292 octets] - [19/12/2014 13:47:14]
AdwCleaner[S0].txt - [9042 octets] - [19/12/2014 13:48:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9102 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Patrick (administrator) on PATRICK-PC on 19-12-2014 13:58:14
Running from C:\Users\Patrick\Desktop
Loaded Profile: Patrick (Available profiles: Patrick & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-06-03] (Unified Intents AB)
HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\Windows\System32\appinit_dll.dll => C:\Windows\System32\appinit_dll.dll [172320 2012-03-12] (Lucidlogix Inc.)
AppInit_DLLs-x32: c:\Windows\SysWOW64\appinit_dll.dll => c:\Windows\SysWOW64\appinit_dll.dll [148256 2012-03-12] (Lucidlogix Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = google.de
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = google.de
HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = google.de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {3E9B7001-3036-492d-BB77-68B0EE72A3AC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {679ABEC0-BCC4-4817-9536-9B0BD5D02149} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> d:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default
FF Homepage: google.de
FF NewTab: google.de
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2086523952-4110748753-4211001760-1000: ubisoft.com/uplaypc -> D:\Spiele\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: iMacros for Firefox - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-04]
FF HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: Default -> hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (Google Wallet) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [480096 2013-04-19] (cFos Software GmbH)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [1900400 2014-11-06] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-08] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49560 2012-09-17] (Asmedia Technology)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-13] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. KG)
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-28] (Disc Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-07-18] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-17] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
U5 Ps2; C:\Windows\System32\Drivers\Ps2.sys [19072 2010-03-18] (Hewlett-Packard Company) [File not signed]
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-16] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 VSPerfDrv100; D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-12-19] ()
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-19 13:58 - 2014-12-19 13:58 - 00000000 ____D () C:\Users\Patrick\Desktop\FRST-OlderVersion
2014-12-19 13:57 - 2014-12-19 13:58 - 02121216 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe
2014-12-19 13:54 - 2014-12-19 13:54 - 00001670 _____ () C:\Users\Patrick\Desktop\JRT.txt
2014-12-19 13:52 - 2014-12-19 13:52 - 01707646 _____ (Thisisu) C:\Users\Patrick\Desktop\JRT.exe
2014-12-19 13:52 - 2014-12-19 13:52 - 00000000 ____D () C:\Windows\ERUNT
2014-12-19 13:48 - 2014-12-19 13:48 - 00009194 _____ () C:\Users\Patrick\Desktop\AdwCleaner[S0].txt
2014-12-19 13:47 - 2014-12-19 13:56 - 00000000 ____D () C:\AdwCleaner
2014-12-19 13:46 - 2014-12-19 13:45 - 02166272 _____ () C:\Users\Patrick\Desktop\AdwCleaner_4.105.exe
2014-12-19 13:45 - 2014-12-19 13:45 - 00001198 _____ () C:\Users\Patrick\Desktop\mbam.txt
2014-12-18 14:13 - 2014-12-18 14:15 - 00025600 ___SH () C:\Users\Patrick\AppData\Roaming\Thumbs.db
2014-12-18 14:13 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 14:13 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 18:53 - 2014-12-17 18:53 - 00047869 _____ () C:\ComboFix.txt
2014-12-17 18:46 - 2014-12-17 18:53 - 00000000 ____D () C:\Qoobox
2014-12-17 18:46 - 2014-12-17 18:52 - 00000000 ____D () C:\Windows\erdnt
2014-12-17 18:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-17 18:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-17 18:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-17 18:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-17 18:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-17 18:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-17 18:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-17 18:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-17 18:45 - 2014-12-17 18:45 - 05601641 ____R (Swearware) C:\Users\Patrick\Desktop\ComboFix.exe
2014-12-17 18:33 - 2014-12-17 18:39 - 00421594 _____ () C:\Users\Patrick\Desktop\Digitaler Adventskalender.camproj
2014-12-17 18:33 - 2014-12-17 18:35 - 00000000 ____D () C:\Users\Patrick\Desktop\Digitaler Adventskalender AVI
2014-12-17 18:25 - 2014-12-17 18:27 - 00000000 ____D () C:\Users\Patrick\Desktop\Digitaler Adventskalender 1
2014-12-17 18:10 - 2014-12-17 18:12 - 00000000 ____D () C:\Users\Patrick\Desktop\Digitaler Adventskalender
2014-12-17 17:58 - 2014-12-17 17:59 - 00000000 ____D () C:\Users\Patrick\Desktop\Unbenannt
2014-12-17 17:06 - 2014-12-17 17:07 - 00000000 ____D () C:\Users\Patrick\Desktop\Adventskalender
2014-12-16 19:36 - 2014-12-19 13:58 - 00023635 _____ () C:\Users\Patrick\Desktop\FRST.txt
2014-12-16 19:36 - 2014-12-19 13:58 - 00000000 ____D () C:\FRST
2014-12-16 19:36 - 2014-12-16 19:37 - 00060939 _____ () C:\Users\Patrick\Desktop\Addition.txt
2014-12-16 19:00 - 2014-12-19 13:50 - 00003464 _____ () C:\Windows\PFRO.log
2014-12-16 19:00 - 2014-12-19 13:50 - 00001187 _____ () C:\Windows\setupact.log
2014-12-16 19:00 - 2014-12-16 19:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-16 18:47 - 2014-12-16 18:47 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-16 18:38 - 2014-09-11 08:57 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Patrick\Desktop\procexp.exe
2014-12-12 13:29 - 2014-12-12 13:29 - 00003168 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-12-12 13:29 - 2014-12-12 13:29 - 00000000 ____D () C:\ProgramData\IObit
2014-12-12 13:29 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-12-12 13:29 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-12-12 13:28 - 2014-12-12 13:28 - 00001177 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\IObit
2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-12 13:28 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2014-12-11 15:26 - 2014-12-11 15:26 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 15:02 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 15:02 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 16:00 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 16:00 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 16:00 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 16:00 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 16:00 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 16:00 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 16:00 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 16:00 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 16:00 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 16:00 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 16:00 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 16:00 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 16:00 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 16:00 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 16:00 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 16:00 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 16:00 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 16:00 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 16:00 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 16:00 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 16:00 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 16:00 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 16:00 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 16:00 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 16:00 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 16:00 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 16:00 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 16:00 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 16:00 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 16:00 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 16:00 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 16:00 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 16:00 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 16:00 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 16:00 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 16:00 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 16:00 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 16:00 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 16:00 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 16:00 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 16:00 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 16:00 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 16:00 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 16:00 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 16:00 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 16:00 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 16:00 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 16:00 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 16:00 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 16:00 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 16:00 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 16:00 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 16:00 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 16:00 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 16:00 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 16:00 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 16:00 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 16:00 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 16:00 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 16:00 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 16:00 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 16:00 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 16:00 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 16:00 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 16:00 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 15:59 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 15:59 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 15:59 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 15:59 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 15:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 15:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 15:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 15:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 15:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 15:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 15:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 15:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 15:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 15:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 15:01 - 2014-12-09 15:01 - 00000000 ____D () C:\ProgramData\ATI
2014-12-09 15:00 - 2014-12-09 15:00 - 00053736 _____ () C:\Windows\SysWOW64\CCCInstall_201412091500484656.log
2014-12-09 15:00 - 2014-12-09 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-09 15:00 - 2014-12-09 15:00 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-05 20:04 - 2014-12-05 20:06 - 00000000 ____D () C:\Users\Patrick\Desktop\Login
2014-12-05 16:46 - 2014-12-05 16:46 - 00056720 _____ () C:\Windows\SysWOW64\CCCInstall_201412051646372745.log
2014-12-02 15:45 - 2014-12-02 15:48 - 00000000 ____D () C:\Users\Patrick\Desktop\Programme
2014-12-02 15:10 - 2014-12-19 13:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 15:10 - 2014-12-04 22:20 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-02 15:10 - 2014-12-04 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-02 15:10 - 2014-12-04 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-02 15:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-02 15:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-02 15:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-02 13:47 - 2014-12-02 13:47 - 00494968 _____ () C:\Windows\SysWOW64\scrypt140202Pitcairnglg2tc8192w64l4.bin
2014-12-01 19:14 - 2014-12-01 19:14 - 00000000 _____ () C:\Users\Patrick\Desktop\NC27B-KTB2D-7CBPW-PHKXB-88C9R.txt
2014-11-26 18:22 - 2014-11-26 18:22 - 00003128 _____ () C:\Windows\System32\Tasks\Origin
2014-11-21 03:44 - 2014-11-21 03:44 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-11-21 03:43 - 2014-11-21 03:43 - 07558816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-11-21 03:43 - 2014-11-21 03:43 - 07077776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-11-21 03:41 - 2014-11-21 03:41 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-11-21 03:40 - 2014-11-21 03:40 - 18959360 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-11-21 03:33 - 2014-11-21 03:33 - 47899136 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-11-21 03:33 - 2014-11-21 03:33 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-11-21 03:32 - 2014-11-21 03:32 - 40987136 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-11-21 03:31 - 2014-11-21 03:31 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-21 03:31 - 2014-11-21 03:31 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-21 03:24 - 2014-11-21 03:24 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-11-21 03:19 - 2014-11-21 03:19 - 23621632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-11-21 03:19 - 2014-11-21 03:19 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-11-21 03:19 - 2014-11-21 03:19 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-11-21 03:18 - 2014-11-21 03:18 - 05837312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-11-21 03:18 - 2014-11-21 03:18 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-11-21 03:18 - 2014-11-21 03:18 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-11-21 03:17 - 2014-11-21 03:17 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\Windows\system32\atiapfxx.blb
2014-11-21 03:17 - 2014-11-21 03:17 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-11-21 03:17 - 2014-11-21 03:17 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-11-21 03:17 - 2014-11-21 03:17 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-11-21 03:15 - 2014-11-21 03:15 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-11-21 03:13 - 2014-11-21 03:13 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-11-21 03:13 - 2014-11-21 03:13 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-11-21 03:13 - 2014-11-21 03:13 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-11-21 03:12 - 2014-11-21 03:12 - 00774656 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-11-21 03:12 - 2014-11-21 03:12 - 00244736 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-11-21 03:12 - 2014-11-21 03:12 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-11-21 03:12 - 2014-11-21 03:12 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-11-21 03:10 - 2014-11-21 03:10 - 00843776 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00903168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-11-21 03:08 - 2014-11-21 03:08 - 00589312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-11-21 03:08 - 2014-11-21 03:08 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-11-21 03:08 - 2014-11-21 03:08 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-11-21 03:08 - 2014-11-21 03:08 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-11-20 21:36 - 2014-11-20 21:36 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2014-11-20 21:35 - 2014-11-20 21:35 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2014-11-19 16:30 - 2014-11-19 16:30 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9 Host.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-19 13:58 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-19 13:58 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-19 13:54 - 2010-11-21 07:50 - 00836188 _____ () C:\Windows\system32\perfh007.dat
2014-12-19 13:54 - 2010-11-21 07:50 - 00199596 _____ () C:\Windows\system32\perfc007.dat
2014-12-19 13:54 - 2009-07-14 06:13 - 01984350 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 13:51 - 2014-10-27 16:01 - 00005088 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Patrick-PC-Patrick Patrick-PC
2014-12-19 13:50 - 2014-11-14 12:35 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-12-19 13:50 - 2014-02-17 19:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2c1160eb8ee0.job
2014-12-19 13:50 - 2013-09-03 20:34 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-12-19 13:50 - 2013-04-17 16:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 13:50 - 2013-04-17 15:31 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-12-19 13:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 13:49 - 2013-04-16 21:24 - 01414524 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 13:48 - 2014-08-27 18:09 - 00000000 ____D () C:\Windows\system32\log
2014-12-19 13:46 - 2013-05-08 19:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 17:07 - 2013-04-17 15:31 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-12-17 18:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-17 18:51 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-17 18:50 - 2009-07-14 03:34 - 39321600 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-12-17 18:50 - 2009-07-14 03:34 - 117964800 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-17 18:50 - 2009-07-14 03:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-17 18:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-17 18:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-17 18:48 - 2013-04-17 15:35 - 00000000 ____D () C:\ProgramData\Temp
2014-12-16 18:55 - 2013-09-03 19:34 - 00000000 ____D () C:\Windows\Minidump
2014-12-16 18:55 - 2013-05-26 16:57 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
2014-12-16 18:55 - 2013-05-07 14:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-16 18:55 - 2013-04-27 23:40 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\FileZilla
2014-12-16 18:55 - 2013-04-27 22:38 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\TS3Client
2014-12-16 18:55 - 2013-04-19 21:25 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\BitTorrent
2014-12-16 18:55 - 2013-04-16 22:21 - 00000000 ____D () C:\Windows\Panther
2014-12-16 18:47 - 2014-04-17 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-16 18:47 - 2014-04-17 23:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-16 17:57 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-16 17:34 - 2014-04-16 14:25 - 00000929 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-16 17:34 - 2013-07-18 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-16 17:34 - 2013-07-18 11:59 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-15 21:53 - 2013-04-22 17:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 23:14 - 2014-03-25 13:12 - 00000000 ____D () C:\Users\Patrick\Desktop\Games
2014-12-12 18:52 - 2013-04-17 16:04 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 13:47 - 2014-03-31 13:32 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-11 16:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 15:26 - 2014-05-08 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 15:10 - 2013-04-22 17:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 15:09 - 2013-08-15 20:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 15:04 - 2013-04-17 20:28 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 21:46 - 2013-05-08 19:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 21:46 - 2013-05-08 19:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:46 - 2013-05-08 19:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 15:00 - 2014-03-31 13:58 - 00000000 ____D () C:\ProgramData\AMD
2014-12-09 14:59 - 2014-03-31 13:39 - 00000000 ____D () C:\Program Files\AMD
2014-12-09 14:58 - 2014-03-31 13:56 - 00000000 ____D () C:\AMD
2014-12-07 21:30 - 2013-04-17 19:27 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-12-06 20:53 - 2013-05-17 16:17 - 00000000 ____D () C:\Program Files (x86)\Metin2
2014-12-05 16:45 - 2013-10-10 18:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-05 13:33 - 2013-10-26 17:08 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\vlc
2014-12-02 15:47 - 2013-09-22 20:57 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\.minecraft
2014-12-02 15:10 - 2013-04-27 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 22:18 - 2013-04-22 17:17 - 00000000 ____D () C:\Users\Patrick\Documents\Outlook Files
2014-11-29 18:40 - 2013-11-04 16:54 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Audacity
2014-11-26 18:55 - 2013-04-21 17:45 - 00000000 ____D () C:\Users\Patrick\Documents\My Games
2014-11-26 18:22 - 2013-10-10 17:48 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Origin
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 03:44 - 2014-09-15 23:31 - 11076784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 01348928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-11-21 03:43 - 2014-09-15 23:31 - 08379720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-11-21 03:43 - 2014-09-15 23:31 - 08369408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-11-21 03:12 - 2014-09-15 23:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-11-21 03:09 - 2014-11-17 18:52 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-11-21 03:09 - 2014-09-15 22:59 - 01214976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-11-19 16:30 - 2013-04-19 13:36 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
Files to move or delete:
====================
C:\Users\Patrick\AppData\Roaming\Origin\update.vbe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 22:33
==================== End Of Log ============================
LG |
|
20.12.2014, 10:27
| #8 |
| /// the machine /// TB-Ausbilder | Domain und IP beim Systemstart geblockt.ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.12.2014, 21:53
| #9 |
| | Domain und IP beim Systemstart geblockt. log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d478d9602b3a4742b3342316059cac7e
# engine=21650
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-20 08:45:09
# local_time=2014-12-20 09:45:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1806 16777213 100 100 7058 16435197 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 119010 170738159 0 0
# scanned=529788
# found=67
# cleaned=66
# scan_time=3213
sh=1896BA306DA014C884E435A51AF9111B92ED68F9 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CJ Trojaner" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe"
sh=CCDA326CAED906E07665E68C3508EA097E97450A ft=1 fh=c8a6a86db5167b0a vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000"
sh=CCDA326CAED906E07665E68C3508EA097E97450A ft=1 fh=c8a6a86db5167b0a vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000001"
sh=CCDA326CAED906E07665E68C3508EA097E97450A ft=1 fh=c8a6a86db5167b0a vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000002"
sh=A5A8E0758FE02D5BADD2C5D6BD2DA512E83884F4 ft=1 fh=0d8c42e01599a925 vn="Win32/Somoto.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000000"
sh=8D5862645FCF92080F4F9AD3AFAA3182B584D3D8 ft=1 fh=2303f890ba5e45b2 vn="Variante von Win32/DomaIQ.BG evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000000"
sh=3B0FF3665CE8CD894157DA87A2AAD0E2D2F01602 ft=1 fh=d1aa338e7ce25f86 vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\012\t\00\00000000"
sh=65240058E807D23288F1D68604652459FA4732A4 ft=1 fh=2fa68c3d2698ea47 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\013\t\00\00000000"
sh=580D2D00B0D928CC9B4C7A1B55165541D7C4B4B7 ft=1 fh=a0b60cf47d219664 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\013\t\00\00000001"
sh=E9449A1A34FBC75F14FA6DA509D510DE19085107 ft=1 fh=870b846ad4cdeb14 vn="Variante von Win32/4Shared.U evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\014\t\00\00000000"
sh=7BF3AD6BA37F1F5FE0878837A87ED751ED8FCD6B ft=1 fh=5a6b87f9430c7c34 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\015\t\00\00000000"
sh=92A9DE25386F4072D2BEDDE25E297486730024FE ft=1 fh=cb61a9148016db04 vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\File System\016\t\00\00000000"
sh=ADB79C58729182B9C0926D43F332489B76DB42F5 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CI Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\AppData\Roaming\Origin\update.vbe"
sh=2F78F398475F3FAA7428531AEA4695657CB7E89A ft=1 fh=a68bece5a407e558 vn="Variante von Win32/Packed.Themida.AAP Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\Desktop\Server (Desktop)\EXP_Edit_v1.5_by_Eddy².exe"
sh=2F78F398475F3FAA7428531AEA4695657CB7E89A ft=1 fh=a68bece5a407e558 vn="Variante von Win32/Packed.Themida.AAP Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\Desktop\Server (Desktop)\Neuer Ordner\DIF\EXP_Edit_v1.5_by_Eddy².exe"
sh=D6F1705F75980724A26D879D6D9E62CCD9AAC6FD ft=1 fh=865d3495fd0f0a8d vn="Variante von Generik.BROBMYK Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\Desktop\Server (Desktop)\Quests\hitfaker\HitFaker.exe"
sh=C6D57FA193E6ACF34DF0E243A228179D2F7BA2F5 ft=1 fh=470efc78ccfd150b vn="Variante von Win32/Packed.Themida.AAN Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\Desktop\Switchbot (Padmak)\core\switchbot.dll"
sh=E9D60BF5F77A1192C67A66F40B351F55646DFD74 ft=1 fh=e1897d368075fe60 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\Desktop\USB\Dll-Files.com Fixer\DLLFixer.exe"
sh=44A315AAA7F006AE8342751A3D01D3E0E2BD41E6 ft=1 fh=e23e3184587da44d vn="Win32/Somoto.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Patrick\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe"
sh=894F9C9EBD437871FEE4241688BCC7F6F9041403 ft=1 fh=57d42695d5785c4c vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIFF60.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=BF4BF86C4543E8FD902678930B0069556E6794CB ft=1 fh=66df7b880be5992e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIFF60.tmp-\sppsm.dll"
sh=7BDB48CB90722DF3CC34CA4D5B0457359BAF9889 ft=1 fh=c3170d6826420b39 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIFF60.tmp-\spusm.dll"
sh=894F9C9EBD437871FEE4241688BCC7F6F9041403 ft=1 fh=57d42695d5785c4c vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIFF94.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=BF4BF86C4543E8FD902678930B0069556E6794CB ft=1 fh=66df7b880be5992e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIFF94.tmp-\sppsm.dll"
sh=7BDB48CB90722DF3CC34CA4D5B0457359BAF9889 ft=1 fh=c3170d6826420b39 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIFF94.tmp-\spusm.dll"
sh=1896BA306DA014C884E435A51AF9111B92ED68F9 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CJ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe"
sh=25FA1C487C6BEEF001D01C5AF946F1E4A6EBE047 ft=1 fh=7a304a4c0ee2fb5a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Active ISO Burner - CHIP-Downloader.exe"
sh=65240058E807D23288F1D68604652459FA4732A4 ft=1 fh=2fa68c3d2698ea47 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\AviraInternetSecuritySuite2014v14+License_downloader-3dAFb4Md.exe"
sh=B5A15A45B317BA823461F71E7CDBC79D104A7562 ft=1 fh=73b5f2dadd71fb46 vn="Variante von Win32/FirseriaInstaller.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\call of duty black ops hack 2013.exe"
sh=A5A8E0758FE02D5BADD2C5D6BD2DA512E83884F4 ft=1 fh=0d8c42e01599a925 vn="Win32/Somoto.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\ClickHeretoDownloadSetup-bLXPgMEY.exe"
sh=DAA98E3C096CD2AAB3E48A9AB81A12D451B2B472 ft=1 fh=c71c0011a7df4c29 vn="Variante von Win32/InstallCore.OO evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\COMPUTER_BILD-Download-Manager_fuer_hexedit.exe"
sh=FF3598B6D04BAE8F7F6FC74F1B671B2B956B28BF ft=1 fh=c71c0011a7df4c29 vn="Variante von Win32/InstallCore.OO evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\COMPUTER_BILD-Download-Manager_fuer_SetupVirtualCloneDrive5.exe"
sh=3DEF3D5140C73F8BF0CED6ECF541B5B1BB2F306F ft=1 fh=a5638d37cc1a07cc vn="Variante von Win32/ExpressDownloader.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Culcha_Candela_-_Von_Allein_downloader (1).exe"
sh=6FC1ACABAE984C598C677068C1E2B0168786FB3E ft=1 fh=5d14fe151943d389 vn="Variante von Win32/ExpressDownloader.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Culcha_Candela_-_Von_Allein_downloader (2).exe"
sh=AB5B2DFD0B41F61FCDF6D5A3F15435C5B2902839 ft=1 fh=e3d3a34bffa0f864 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Culcha_Candela_-_Von_Allein_downloader.exe"
sh=2D47123B8608D4818326B72C005E229E93FBC145 ft=1 fh=ac498f0af5877273 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\dff_fp3wft-msvcr110.exe"
sh=BAED882875545761EFF2336E975BC375827C504A ft=1 fh=1d6df4f23b3820ee vn="MSIL/MyPCBackup.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\disk-defrag-454setup.exe"
sh=17BC6D739C8BD3A6AAF3B178368B5B802080BFD8 ft=1 fh=c8aec208f77dccf1 vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Driver Genius Professional_14.rar.exe"
sh=580D2D00B0D928CC9B4C7A1B55165541D7C4B4B7 ft=1 fh=a0b60cf47d219664 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\DriverTuner_Setup_downloader-I6sk4rxyl (1).exe"
sh=D0B7AA9ADBC14455557DB6A3B098EBC14B86A028 ft=1 fh=9c7686ac498c1bf3 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\DriverTuner_Setup_downloader-I6sk4rxyl.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\DTLite4491-0356.exe"
sh=7BF3AD6BA37F1F5FE0878837A87ED751ED8FCD6B ft=1 fh=5a6b87f9430c7c34 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\FLVPlayer_downloader-NfGznxRy1.exe"
sh=E9449A1A34FBC75F14FA6DA509D510DE19085107 ft=1 fh=870b846ad4cdeb14 vn="Variante von Win32/4Shared.U evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Helene Fischer - Farbenspiel (2013).exe"
sh=CCDA326CAED906E07665E68C3508EA097E97450A ft=1 fh=c8a6a86db5167b0a vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Helene_Fischer_Farbenspiel_2013_ (1).exe"
sh=CCDA326CAED906E07665E68C3508EA097E97450A ft=1 fh=c8a6a86db5167b0a vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Helene_Fischer_Farbenspiel_2013_.exe"
sh=6CCF8D7347A45C711C47366017AD6683D32FCDF6 ft=1 fh=cbb3dfc567adcb54 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Hex Editor MX - CHIP-Downloader.exe"
sh=74420323902CA25AB5BF45F3B8FF8A57C7EB9E63 ft=1 fh=91f5f22ba93a1cf6 vn="Win32/InstallMonetizer.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Ice-run+Regeny.rar.exe"
sh=7B13935E468D551E57133FDAA696B054347CC93E ft=1 fh=e4f4efc4ed4957e2 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\iLividSetup-r484-n-bc (1).exe"
sh=44E990F96C338F9E3DCF0C80B76220FB6380DBE3 ft=1 fh=729ad51526c46fbb vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\iLividSetup-r484-n-bc (2).exe"
sh=5281EA99625F2FA1E760CB457C302962374C24BA ft=1 fh=dfd2691ec14c4544 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\iLividSetup-r484-n-bc (3).exe"
sh=7B13935E468D551E57133FDAA696B054347CC93E ft=1 fh=e4f4efc4ed4957e2 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\iLividSetup-r484-n-bc.exe"
sh=D16B67F57801CE86155D4C80C94673A8244B0124 ft=1 fh=c28c8153df097161 vn="Variante von Win32/Vittalia.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\installer_ardamax_keylogger_English.exe"
sh=8D5862645FCF92080F4F9AD3AFAA3182B584D3D8 ft=1 fh=2303f890ba5e45b2 vn="Variante von Win32/DomaIQ.BG evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Java.exe"
sh=D8DC9CAFF7EBC56E4E303226B33284A1BF3D361D ft=1 fh=e75e9be5e7ade7e9 vn="Variante von Win32/Verti.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\MediaPlayerClassic.exe"
sh=5963684881FAD9C9475E8EAFF5B9600D45EAF3FA ft=1 fh=93e51bdc8006bf18 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Paint NET - CHIP-Installer.exe"
sh=3623E05AA8A99B3A506F9F9E054D22A7C1CC8DBF ft=1 fh=5af4b53deafb4244 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\SoftonicDownloader_fuer_hear.exe"
sh=ABBAA6ADA9B22A72927213EB1BA0EBEDDC965BFF ft=1 fh=888650ef2cb9aead vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\SoftonicDownloader_fuer_yac.exe"
sh=92A9DE25386F4072D2BEDDE25E297486730024FE ft=1 fh=cb61a9148016db04 vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\U2_All_That_You_Can_t_Leave_Behind_MP3_@320.exe"
sh=73C98F1721958026BEB496BFCF15FB9A28B3B7A0 ft=1 fh=9a28cb911a364095 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Unlocker1.9.2.exe"
sh=E686F099C0A72FFED2F4D28626F45CF76474FD0A ft=1 fh=84f81169fc231289 vn="Win32/Skymonk.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\VAFuturol.66-VOiCE.rar_19537265_50_letF.exe"
sh=176E9A377925D06A36AEF7682B941F219D568238 ft=1 fh=cb44b3de753c5321 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Virtual CloneDrive - CHIP-Downloader.exe"
sh=6D0F53D9D871D35579350684A0BADEB40593C704 ft=1 fh=2c335445781575cd vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\23.09.2013\bs_ASProtect (1).exe"
sh=6D0F53D9D871D35579350684A0BADEB40593C704 ft=1 fh=2c335445781575cd vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\23.09.2013\bs_ASProtect.exe"
sh=A8F93378CD46E4CDE9BCF089E9FB4258993A78A1 ft=1 fh=3b6c45de7cff4929 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\31.102013\Bat_To_Exe_Converter.exe"
sh=D1370E632B3D0DD9D1D3250D181EC9563AA2A226 ft=1 fh=dbdd0791afa1f0e1 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\31.102013\Prime95 - CHIP-Downloader.exe"
sh=5F3FBCA00AA8DEE17FF34FC6D0CB7E3F55314B73 ft=1 fh=1e4266cc5aaaaecd vn="Win32/HackTool.Steam.E Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Spiele\Rust 14.03\Rust Launcher.exe"
sh=C6D57FA193E6ACF34DF0E243A228179D2F7BA2F5 ft=1 fh=470efc78ccfd150b vn="Variante von Win32/Packed.Themida.AAN Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\METIN2\Switchbotv3_1\core\switchbot.dll"
Code:
ATTFilter Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 15.0.0.246 Flash Player out of Date! Adobe Reader XI Mozilla Firefox 21.0 Firefox out of Date! Google Chrome (39.0.2171.71) Google Chrome (39.0.2171.95) Google Chrome (dmlconf.dat..) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014 Ran by Patrick (administrator) on PATRICK-PC on 20-12-2014 21:50:48 Running from C:\Users\Patrick\Desktop Loaded Profile: Patrick (Available profiles: Patrick & DefaultAppPool) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\schtasks.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-06-03] (Unified Intents AB) HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" AppInit_DLLs: C:\Windows\System32\appinit_dll.dll => C:\Windows\System32\appinit_dll.dll [172320 2012-03-12] (Lucidlogix Inc.) AppInit_DLLs-x32: c:\Windows\SysWOW64\appinit_dll.dll => c:\Windows\SysWOW64\appinit_dll.dll [148256 2012-03-12] (Lucidlogix Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = google.de HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = google.de HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = google.de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {3E9B7001-3036-492d-BB77-68B0EE72A3AC} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2086523952-4110748753-4211001760-1000 -> {679ABEC0-BCC4-4817-9536-9B0BD5D02149} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> d:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default FF Homepage: google.de FF NewTab: google.de FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2086523952-4110748753-4211001760-1000: ubisoft.com/uplaypc -> D:\Spiele\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: iMacros for Firefox - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\m0loj50j.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-01-25] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-04] FF HKU\S-1-5-21-2086523952-4110748753-4211001760-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: Default -> hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE CHR StartupUrls: Default -> "hxxp://google.de/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23] CHR Extension: (Google Wallet) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-04] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-04] (Avira Operations GmbH & Co. KG) R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [480096 2013-04-19] (cFos Software GmbH) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed] R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [1900400 2014-11-06] (Electronic Arts) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-08] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-08] () S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49560 2012-09-17] (Asmedia Technology) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-13] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. KG) R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-28] (Disc Soft Ltd) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-07-18] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-17] (FNet Co., Ltd.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) U5 Ps2; C:\Windows\System32\Drivers\Ps2.sys [19072 2010-03-18] (Hewlett-Packard Company) [File not signed] S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-16] (Duplex Secure Ltd.) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.) S3 VSPerfDrv100; D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-12-20] () S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-20 21:48 - 2014-12-20 21:48 - 00852505 _____ () C:\Users\Patrick\Desktop\SecurityCheck.exe 2014-12-20 20:50 - 2014-12-20 20:50 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-19 13:58 - 2014-12-20 21:50 - 00000000 ____D () C:\Users\Patrick\Desktop\FRST-OlderVersion 2014-12-19 13:57 - 2014-12-20 21:50 - 02122240 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe 2014-12-19 13:54 - 2014-12-19 13:54 - 00001670 _____ () C:\Users\Patrick\Desktop\JRT.txt 2014-12-19 13:52 - 2014-12-19 13:52 - 01707646 _____ (Thisisu) C:\Users\Patrick\Desktop\JRT.exe 2014-12-19 13:52 - 2014-12-19 13:52 - 00000000 ____D () C:\Windows\ERUNT 2014-12-19 13:48 - 2014-12-19 13:48 - 00009194 _____ () C:\Users\Patrick\Desktop\AdwCleaner[S0].txt 2014-12-19 13:47 - 2014-12-19 13:56 - 00000000 ____D () C:\AdwCleaner 2014-12-19 13:46 - 2014-12-19 13:45 - 02166272 _____ () C:\Users\Patrick\Desktop\AdwCleaner_4.105.exe 2014-12-19 13:45 - 2014-12-19 13:45 - 00001198 _____ () C:\Users\Patrick\Desktop\mbam.txt 2014-12-18 14:13 - 2014-12-18 14:15 - 00025600 ___SH () C:\Users\Patrick\AppData\Roaming\Thumbs.db 2014-12-18 14:13 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 14:13 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 18:53 - 2014-12-17 18:53 - 00047869 _____ () C:\ComboFix.txt 2014-12-17 18:46 - 2014-12-17 18:53 - 00000000 ____D () C:\Qoobox 2014-12-17 18:46 - 2014-12-17 18:52 - 00000000 ____D () C:\Windows\erdnt 2014-12-17 18:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-17 18:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-17 18:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-17 18:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-17 18:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-17 18:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-17 18:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-17 18:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-17 18:45 - 2014-12-17 18:45 - 05601641 ____R (Swearware) C:\Users\Patrick\Desktop\ComboFix.exe 2014-12-17 18:33 - 2014-12-17 18:39 - 00421594 _____ () C:\Users\Patrick\Desktop\Digitaler Adventskalender.camproj 2014-12-17 18:33 - 2014-12-17 18:35 - 00000000 ____D () C:\Users\Patrick\Desktop\Digitaler Adventskalender AVI 2014-12-17 18:25 - 2014-12-17 18:27 - 00000000 ____D () C:\Users\Patrick\Desktop\Digitaler Adventskalender 1 2014-12-17 18:10 - 2014-12-17 18:12 - 00000000 ____D () C:\Users\Patrick\Desktop\Digitaler Adventskalender 2014-12-17 17:58 - 2014-12-17 17:59 - 00000000 ____D () C:\Users\Patrick\Desktop\Unbenannt 2014-12-17 17:06 - 2014-12-17 17:07 - 00000000 ____D () C:\Users\Patrick\Desktop\Adventskalender 2014-12-16 19:36 - 2014-12-20 21:50 - 00024703 _____ () C:\Users\Patrick\Desktop\FRST.txt 2014-12-16 19:36 - 2014-12-20 21:50 - 00000000 ____D () C:\FRST 2014-12-16 19:00 - 2014-12-20 20:46 - 00004136 _____ () C:\Windows\PFRO.log 2014-12-16 19:00 - 2014-12-20 20:46 - 00001299 _____ () C:\Windows\setupact.log 2014-12-16 19:00 - 2014-12-16 19:00 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-16 18:47 - 2014-12-16 18:47 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-16 18:38 - 2014-09-11 08:57 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Patrick\Desktop\procexp.exe 2014-12-12 13:29 - 2014-12-12 13:29 - 00003168 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update 2014-12-12 13:29 - 2014-12-12 13:29 - 00000000 ____D () C:\ProgramData\IObit 2014-12-12 13:29 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll 2014-12-12 13:29 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe 2014-12-12 13:28 - 2014-12-12 13:28 - 00001177 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk 2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\IObit 2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3 2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-12-12 13:28 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys 2014-12-11 15:26 - 2014-12-11 15:26 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-11 15:02 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 15:02 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 16:00 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 16:00 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 16:00 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 16:00 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 16:00 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 16:00 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 16:00 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 16:00 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 16:00 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 16:00 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 16:00 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 16:00 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 16:00 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 16:00 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 16:00 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 16:00 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 16:00 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 16:00 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 16:00 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 16:00 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 16:00 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 16:00 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 16:00 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 16:00 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 16:00 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 16:00 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 16:00 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 16:00 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 16:00 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 16:00 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 16:00 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 16:00 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 16:00 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 16:00 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 16:00 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 16:00 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 16:00 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 16:00 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 16:00 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 16:00 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 16:00 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 16:00 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 16:00 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 16:00 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 16:00 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 16:00 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 16:00 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 16:00 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 16:00 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 16:00 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 16:00 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 16:00 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 16:00 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 16:00 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 16:00 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 16:00 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 16:00 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 16:00 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 16:00 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 16:00 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 15:59 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 15:59 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 15:59 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 15:59 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 15:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 15:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 15:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 15:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 15:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 15:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 15:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 15:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 15:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 15:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-09 15:01 - 2014-12-09 15:01 - 00000000 ____D () C:\ProgramData\ATI 2014-12-09 15:00 - 2014-12-09 15:00 - 00053736 _____ () C:\Windows\SysWOW64\CCCInstall_201412091500484656.log 2014-12-09 15:00 - 2014-12-09 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-12-09 15:00 - 2014-12-09 15:00 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-12-05 20:04 - 2014-12-05 20:06 - 00000000 ____D () C:\Users\Patrick\Desktop\Login 2014-12-05 16:46 - 2014-12-05 16:46 - 00056720 _____ () C:\Windows\SysWOW64\CCCInstall_201412051646372745.log 2014-12-02 15:45 - 2014-12-02 15:48 - 00000000 ____D () C:\Users\Patrick\Desktop\Programme 2014-12-02 15:10 - 2014-12-20 21:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-02 15:10 - 2014-12-04 22:20 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-02 15:10 - 2014-12-04 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-02 15:10 - 2014-12-04 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-02 15:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-02 15:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-02 15:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-02 13:47 - 2014-12-02 13:47 - 00494968 _____ () C:\Windows\SysWOW64\scrypt140202Pitcairnglg2tc8192w64l4.bin 2014-12-01 19:14 - 2014-12-01 19:14 - 00000000 _____ () C:\Users\Patrick\Desktop\NC27B-KTB2D-7CBPW-PHKXB-88C9R.txt 2014-11-26 18:22 - 2014-11-26 18:22 - 00003128 _____ () C:\Windows\System32\Tasks\Origin 2014-11-21 03:44 - 2014-11-21 03:44 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2014-11-21 03:43 - 2014-11-21 03:43 - 07558816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2014-11-21 03:43 - 2014-11-21 03:43 - 07077776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2014-11-21 03:41 - 2014-11-21 03:41 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys 2014-11-21 03:40 - 2014-11-21 03:40 - 18959360 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2014-11-21 03:33 - 2014-11-21 03:33 - 47899136 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll 2014-11-21 03:33 - 2014-11-21 03:33 - 00235008 _____ () C:\Windows\system32\clinfo.exe 2014-11-21 03:33 - 2014-11-21 03:33 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll 2014-11-21 03:33 - 2014-11-21 03:33 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll 2014-11-21 03:33 - 2014-11-21 03:33 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll 2014-11-21 03:33 - 2014-11-21 03:33 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll 2014-11-21 03:32 - 2014-11-21 03:32 - 40987136 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2014-11-21 03:31 - 2014-11-21 03:31 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-11-21 03:31 - 2014-11-21 03:31 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-11-21 03:24 - 2014-11-21 03:24 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll 2014-11-21 03:19 - 2014-11-21 03:19 - 23621632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll 2014-11-21 03:19 - 2014-11-21 03:19 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll 2014-11-21 03:19 - 2014-11-21 03:19 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll 2014-11-21 03:18 - 2014-11-21 03:18 - 05837312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll 2014-11-21 03:18 - 2014-11-21 03:18 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2014-11-21 03:18 - 2014-11-21 03:18 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2014-11-21 03:17 - 2014-11-21 03:17 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap 2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\Windows\SysWOW64\atiapfxx.blb 2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\Windows\system32\atiapfxx.blb 2014-11-21 03:17 - 2014-11-21 03:17 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2014-11-21 03:17 - 2014-11-21 03:17 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2014-11-21 03:17 - 2014-11-21 03:17 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2014-11-21 03:16 - 2014-11-21 03:16 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll 2014-11-21 03:16 - 2014-11-21 03:16 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2014-11-21 03:16 - 2014-11-21 03:16 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2014-11-21 03:16 - 2014-11-21 03:16 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2014-11-21 03:15 - 2014-11-21 03:15 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll 2014-11-21 03:13 - 2014-11-21 03:13 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap 2014-11-21 03:13 - 2014-11-21 03:13 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2014-11-21 03:13 - 2014-11-21 03:13 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll 2014-11-21 03:12 - 2014-11-21 03:12 - 00774656 _____ (AMD) C:\Windows\system32\atieclxx.exe 2014-11-21 03:12 - 2014-11-21 03:12 - 00244736 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2014-11-21 03:12 - 2014-11-21 03:12 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll 2014-11-21 03:12 - 2014-11-21 03:12 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll 2014-11-21 03:10 - 2014-11-21 03:10 - 00843776 _____ (AMD) C:\Windows\system32\coinst_14.50.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00903168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2014-11-21 03:09 - 2014-11-21 03:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll 2014-11-21 03:08 - 2014-11-21 03:08 - 00589312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2014-11-21 03:08 - 2014-11-21 03:08 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2014-11-21 03:08 - 2014-11-21 03:08 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2014-11-21 03:08 - 2014-11-21 03:08 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2014-11-20 21:36 - 2014-11-20 21:36 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll 2014-11-20 21:35 - 2014-11-20 21:35 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-20 21:50 - 2013-04-17 16:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-20 21:46 - 2013-05-08 19:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-20 21:44 - 2014-07-10 13:25 - 00000000 ____D () C:\Users\Patrick\Desktop\Server (Desktop) 2014-12-20 21:44 - 2013-10-10 17:48 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Origin 2014-12-20 20:57 - 2014-10-27 16:01 - 00005088 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Patrick-PC-Patrick Patrick-PC 2014-12-20 20:53 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-20 20:53 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-20 20:50 - 2013-04-16 21:24 - 01457913 _____ () C:\Windows\WindowsUpdate.log 2014-12-20 20:50 - 2010-11-21 07:50 - 00836188 _____ () C:\Windows\system32\perfh007.dat 2014-12-20 20:50 - 2010-11-21 07:50 - 00199596 _____ () C:\Windows\system32\perfc007.dat 2014-12-20 20:50 - 2009-07-14 06:13 - 01984350 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-20 20:46 - 2014-11-14 12:35 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2014-12-20 20:46 - 2014-02-17 19:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2c1160eb8ee0.job 2014-12-20 20:46 - 2013-09-03 20:34 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys 2014-12-20 20:46 - 2013-04-17 15:31 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-12-20 20:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-19 13:48 - 2014-08-27 18:09 - 00000000 ____D () C:\Windows\system32\log 2014-12-18 17:07 - 2013-04-17 15:31 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-12-17 18:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-12-17 18:51 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-17 18:50 - 2009-07-14 03:34 - 39321600 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-12-17 18:50 - 2009-07-14 03:34 - 117964800 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-12-17 18:50 - 2009-07-14 03:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-12-17 18:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-12-17 18:50 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-12-17 18:48 - 2013-04-17 15:35 - 00000000 ____D () C:\ProgramData\Temp 2014-12-16 18:55 - 2013-09-03 19:34 - 00000000 ____D () C:\Windows\Minidump 2014-12-16 18:55 - 2013-05-26 16:57 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite 2014-12-16 18:55 - 2013-05-07 14:43 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-12-16 18:55 - 2013-04-27 23:40 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\FileZilla 2014-12-16 18:55 - 2013-04-27 22:38 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\TS3Client 2014-12-16 18:55 - 2013-04-19 21:25 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\BitTorrent 2014-12-16 18:55 - 2013-04-16 22:21 - 00000000 ____D () C:\Windows\Panther 2014-12-16 18:47 - 2014-04-17 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-16 18:47 - 2014-04-17 23:17 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-16 17:57 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-16 17:34 - 2014-04-16 14:25 - 00000929 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-12-16 17:34 - 2013-07-18 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-12-16 17:34 - 2013-07-18 11:59 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-12-15 21:53 - 2013-04-22 17:10 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-12 23:14 - 2014-03-25 13:12 - 00000000 ____D () C:\Users\Patrick\Desktop\Games 2014-12-12 18:52 - 2013-04-17 16:04 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-12 13:47 - 2014-03-31 13:32 - 00000000 ____D () C:\Program Files (x86)\Raptr 2014-12-11 16:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-11 15:26 - 2014-05-08 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-11 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-11 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-11 15:10 - 2013-04-22 17:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-12-11 15:09 - 2013-08-15 20:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 15:04 - 2013-04-17 20:28 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 21:46 - 2013-05-08 19:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-09 21:46 - 2013-05-08 19:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-09 21:46 - 2013-05-08 19:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-09 15:00 - 2014-03-31 13:58 - 00000000 ____D () C:\ProgramData\AMD 2014-12-09 14:59 - 2014-03-31 13:39 - 00000000 ____D () C:\Program Files\AMD 2014-12-09 14:58 - 2014-03-31 13:56 - 00000000 ____D () C:\AMD 2014-12-07 21:30 - 2013-04-17 19:27 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-12-06 20:53 - 2013-05-17 16:17 - 00000000 ____D () C:\Program Files (x86)\Metin2 2014-12-05 16:45 - 2013-10-10 18:12 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-05 13:33 - 2013-10-26 17:08 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\vlc 2014-12-02 15:47 - 2013-09-22 20:57 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\.minecraft 2014-12-02 15:10 - 2013-04-27 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-01 22:18 - 2013-04-22 17:17 - 00000000 ____D () C:\Users\Patrick\Documents\Outlook Files 2014-11-29 18:40 - 2013-11-04 16:54 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Audacity 2014-11-26 18:55 - 2013-04-21 17:45 - 00000000 ____D () C:\Users\Patrick\Documents\My Games 2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-21 03:44 - 2014-09-15 23:31 - 11076784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 01348928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2014-11-21 03:44 - 2014-09-15 23:31 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2014-11-21 03:43 - 2014-09-15 23:31 - 08379720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2014-11-21 03:43 - 2014-09-15 23:31 - 08369408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2014-11-21 03:12 - 2014-09-15 23:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2014-11-21 03:09 - 2014-11-17 18:52 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2014-11-21 03:09 - 2014-09-15 22:59 - 01214976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-15 22:33 ==================== End Of Log ============================ LG |
|
21.12.2014, 19:54
| #10 |
| /// the machine /// TB-Ausbilder | Domain und IP beim Systemstart geblockt. Flash und Firefox updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.12.2014, 16:29
| #11 |
| | Domain und IP beim Systemstart geblockt. Flash und Firefox habe ich jetzt geupdatet. Fixlog.txt : Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 01
Ran by Patrick at 2014-12-22 16:18:29 Run:1
Running from C:\Users\Patrick\Desktop
Loaded Profile: Patrick (Available profiles: Patrick & DefaultAppPool)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Emptytemp:
*****************
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
EmptyTemp: => Removed 492.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:18:53 ====
|
|
23.12.2014, 12:09
| #12 |
| /// the machine /// TB-Ausbilder | Domain und IP beim Systemstart geblockt. meine Frage?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.12.2014, 17:00
| #13 |
| | Domain und IP beim Systemstart geblockt. Danke für deine Hilfe. Der Fehler ist jetzt behoben  |
|
24.12.2014, 16:01
| #14 |
| /// the machine /// TB-Ausbilder | Domain und IP beim Systemstart geblockt. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.12.2014, 14:00
| #15 |
| | Domain und IP beim Systemstart geblockt. Alles klar. Danke nochmal |
|
WARNUNG an die MITLESER: 
Linear-Darstellung
