| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internetproblem durch SchadsoftwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.02.2015, 17:11
| #1 |
 |  Internetproblem durch Schadsoftware Guten Tag zusammen, ich kann seit einem Computerneustart, den ich wegen AdwCleaner durchgeführt habe, nicht mehr meinen PC mit dem Internet verbinden. Er ist über LAN mit meinem Router verbunden, und es wir lediglich ein "Nicht identifizierbares Netzwerk" angezeigt, welches keine Verbindung mit dem Internet herstellen kann. Es muss an meinem PC liegen, da ich über das selbe LAN-Kabel mit meinem Laptop eine Verbindung zum Internet herstellen konnte. AdwCleaner hatte ich benutzt, da ich versehentlich auf einen wahrscheinlich "virenversäuchten" Link auf Facebook gedrückt habe. Und seit dem Neutralisieren dieser beiden Registryeinträge Code:
ATTFilter Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8555;hxxps=127.0.0.1:8555
Mein log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 12:46:23, on 01.02.2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.17183) Boot mode: Normal Running processes: E:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Users\erik\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe O4 - HKCU\..\Run: [RocketDock] "E:\Program Files (x86)\RocketDock\RocketDock.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = erik\AppData\Roaming\Dropbox\bin\Dropbox.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file) O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware server\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware server\vsocklib.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - E:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: Origin Client Service - Electronic Arts - E:\Program Files (x86)\Origin\OriginClientService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 10274 bytes Im Voraus besten Dank Turtleclasher |
|
01.02.2015, 17:19
| #2 |
| /// the machine /// TB-Ausbilder    | Internetproblem durch Schadsoftware hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
01.02.2015, 17:31
| #3 |
| | Internetproblem durch Schadsoftware Die FRST.txt
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by erik (administrator) on ERIK-PC on 01-02-2015 17:24:50
Running from C:\Users\erik\Desktop
Loaded Profiles: erik (Available profiles: erik & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() E:\Program Files (x86)\RocketDock\RocketDock.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Apache Software Foundation) C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\Run: [RocketDock] => E:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\MountPoints2: {cb2ff856-a9fd-11e4-b4fe-005056c00008} - F:\pushinst.exe
Startup: C:\Users\erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\erik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll [313904] (VMware, Inc.)
Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll [313904] (VMware, Inc.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll [410160] (VMware, Inc.)
Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll [410160] (VMware, Inc.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (VLC for YouTube™) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablmclcliiiegfmpbkfhnhipoejclmel [2013-11-03]
CHR Extension: (Google Docs) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-09]
CHR Extension: (Google Drive) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-09]
CHR Extension: (GeoGebra) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-11-23]
CHR Extension: (Adblock Plus) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-17]
CHR Extension: (Google-Suche) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-09]
CHR Extension: (Avira SafeSearch) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-07]
CHR Extension: (Steam Market Filter) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdpoeanmcbopmmdomongbohbmiolmom [2015-01-04]
CHR Extension: (Avira Browserschutz) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-07]
CHR Extension: (Heroes & Generals) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-09-20]
CHR Extension: (Easy Video Downloader Express) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\laglhpkadeejnkgdiphnegpajimagcld [2014-11-23]
CHR Extension: (Google Wallet) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-09-07]
CHR Extension: (Google Mail) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-28] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-20] () [File not signed]
R2 Hamachi2Svc; E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2485608 2015-01-20] (LogMeIn Inc.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S2 MBAMScheduler; E:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-31] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-02] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe [121392 2009-10-20] (VMware, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe [322096 2009-10-20] ()
R2 VMwareServerWebAccess; C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [57344 2009-10-20] (Apache Software Foundation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-07-03] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-04] (Avira Operations GmbH & Co. KG)
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
S3 EverestDriver; C:\Users\erik\AppData\Local\Temp\EverestDriver.sys [9728 2005-08-17] () [File not signed]
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-07-03] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RDID1079; C:\Windows\System32\Drivers\rdwm1079.sys [199296 2009-09-17] (Roland Corporation)
S3 RTCore64; E:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 WinRing0_1_2_0; \??\C:\Users\erik\Downloads\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 17:24 - 2015-02-01 17:25 - 00020391 _____ () C:\Users\erik\Desktop\FRST.txt
2015-02-01 17:24 - 2015-02-01 17:24 - 00000000 ____D () C:\FRST
2015-02-01 17:24 - 2015-02-01 17:23 - 02131456 _____ (Farbar) C:\Users\erik\Desktop\FRST64.exe
2015-02-01 16:46 - 2015-02-01 16:46 - 00005236 _____ () C:\Users\erik\AppData\Local\recently-used.xbel
2015-02-01 16:04 - 2015-02-01 16:04 - 00001077 _____ () C:\Users\Public\Desktop\DriverToolkit.lnk
2015-02-01 16:04 - 2015-02-01 16:04 - 00000000 ____D () C:\Users\erik\AppData\Local\DriverToolkit
2015-02-01 16:04 - 2015-02-01 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2015-02-01 16:04 - 2015-02-01 16:04 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2015-02-01 16:03 - 2015-02-01 16:03 - 00001130 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2015-02-01 16:03 - 2015-02-01 16:03 - 00000000 ____D () C:\Users\erik\AppData\Roaming\Hotspot Shield
2015-02-01 16:03 - 2015-02-01 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2015-02-01 16:03 - 2015-02-01 16:03 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2015-02-01 16:03 - 2015-02-01 16:03 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2015-02-01 16:03 - 2014-05-17 03:35 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2015-02-01 16:00 - 2015-02-01 15:55 - 08039992 _____ () C:\Users\erik\Desktop\HSS-3.42-install-hss-691-conduit.exe
2015-02-01 16:00 - 2015-02-01 15:48 - 02448688 _____ (Megaify Software ) C:\Users\erik\Desktop\DriverToolkitInstaller (1).exe
2015-02-01 15:58 - 2015-02-01 16:00 - 00000000 ____D () C:\Users\erik\Desktop\Desktop 12 (1)
2015-02-01 12:27 - 2015-02-01 12:27 - 00000000 ____D () C:\Users\erik\AppData\Roaming\WinFAQ
2015-02-01 12:27 - 2015-02-01 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2015-02-01 12:27 - 2015-02-01 12:27 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2015-02-01 12:27 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl
2015-01-31 20:50 - 2015-01-31 20:50 - 02194432 _____ () C:\Users\erik\Downloads\AdwCleaner09.exe
2015-01-31 20:50 - 2015-01-31 20:50 - 02194432 _____ () C:\Users\erik\Downloads\adwcleaner_4.109.exe
2015-01-31 18:22 - 2013-09-24 11:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\MSSTDFMT.DLL
2015-01-31 18:20 - 2015-01-31 18:21 - 02137159 _____ () C:\Users\erik\Downloads\CoWo RegSvr.rar
2015-01-31 18:17 - 2015-01-31 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rama Studios
2015-01-31 18:14 - 2015-01-31 18:15 - 25183062 _____ () C:\Users\erik\Downloads\is_cowo_alphademo (1).rar
2015-01-30 14:31 - 2015-01-30 14:45 - 529422466 _____ () C:\Users\erik\Downloads\BWMod_A3_v1-1-1.rar
2015-01-25 12:40 - 2015-01-25 12:43 - 86614030 _____ () C:\Users\erik\Downloads\Watchtowers_FH2_24_SoundConversion.zip
2015-01-25 12:10 - 2015-01-25 12:10 - 02585352 _____ () C:\Users\erik\Downloads\mcpatcher-5.0.0_02.exe
2015-01-25 11:58 - 2015-01-25 11:58 - 00878207 _____ () C:\Users\erik\Downloads\OptiFine_1.8.0_HD_U_B6.jar
2015-01-25 11:57 - 2015-01-25 11:58 - 00340976 _____ () C:\Users\erik\Downloads\ShadersMod-v2.4.7mc1.8.jar
2015-01-25 10:44 - 2015-01-25 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-23 22:45 - 2015-01-23 22:50 - 192053771 _____ () C:\Users\erik\Downloads\(GÜNTHER JAUCH) Was will PegidaPegida Absage vom 19.01.2015.mp4
2015-01-18 18:26 - 2015-01-18 18:26 - 01739703 _____ () C:\Users\erik\Downloads\Titelblatt2.odt
2015-01-17 17:20 - 2015-01-17 17:20 - 00000090 ____H () C:\Users\erik\Desktop\.~lock.Unbenannt 1.odt#
2015-01-14 21:50 - 2015-01-14 21:51 - 63998906 _____ () C:\Users\erik\Downloads\Praktikum bei der Bundeswehr.mp4
2015-01-14 20:54 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 20:54 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 20:54 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 20:54 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 20:54 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 20:54 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 20:54 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 20:54 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 20:54 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 20:54 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 20:54 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 20:54 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 20:54 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 20:54 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 20:54 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-06 13:50 - 2015-01-06 13:50 - 03077905 _____ () C:\Users\erik\Downloads\forge-1.7.10-10.13.2.1230-installer.jar
2015-01-06 13:49 - 2015-01-06 13:49 - 08907076 _____ () C:\Users\erik\Downloads\forge-1.7.10-10.13.2.1230-javadoc.zip
2015-01-06 13:49 - 2015-01-06 13:49 - 08907076 _____ () C:\Users\erik\Downloads\forge-1.7.10-10.13.2.1230-javadoc (1).zip
2015-01-06 13:48 - 2015-01-06 13:48 - 00214961 _____ () C:\Users\erik\Downloads\ShadersModCore-v2.3.28-mc1.7.10-f.jar
2015-01-06 00:04 - 2015-01-06 00:04 - 00049152 ___SH () C:\Users\erik\AppData\Roaming\Thumbs.db
2015-01-04 14:11 - 2015-01-04 14:12 - 18554346 _____ () C:\Users\erik\Downloads\avidemux_2.6.8_win32_v2.exe
2015-01-04 14:01 - 2015-01-04 14:01 - 00000000 ____D () C:\Users\erik\AppData\Local\ExKode Co. Ltd
2015-01-04 13:56 - 2015-01-04 13:56 - 00000000 ____D () C:\Users\erik\AppData\Local\Dxtory Software
2015-01-04 13:56 - 2015-01-04 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2015-01-04 13:56 - 2014-06-08 22:14 - 02610736 _____ (ExKode Co. Ltd.) C:\Windows\system32\DxtoryCodec.dll
2015-01-04 13:56 - 2014-06-08 22:14 - 02508336 _____ (ExKode Co. Ltd.) C:\Windows\SysWOW64\DxtoryCodec.dll
2015-01-04 13:55 - 2015-01-04 13:56 - 03381648 _____ (ExKode Co. Ltd. ) C:\Users\erik\Downloads\DxtorySetup2.0.128.exe
2015-01-03 21:26 - 2015-01-03 21:26 - 00000000 ____D () C:\Users\erik\AppData\Roaming\BANDISOFT
2015-01-03 21:25 - 2015-01-03 21:25 - 00000744 _____ () C:\Users\fbwuser\Desktop\Bandicam.lnk
2015-01-03 21:25 - 2015-01-03 21:25 - 00000000 ____D () C:\Users\erik\Documents\Bandicam
2015-01-03 21:25 - 2015-01-03 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-01-03 21:25 - 2015-01-03 21:25 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2015-01-03 21:23 - 2015-01-03 21:24 - 09495760 _____ (Bandisoft) C:\Users\erik\Downloads\bdcamsetup.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 17:19 - 2011-04-13 11:03 - 01973523 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 17:01 - 2013-10-16 19:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 16:46 - 2013-06-13 17:38 - 00000000 ____D () C:\Users\erik\.gimp-2.8
2015-02-01 16:38 - 2013-10-16 19:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 16:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-01 16:09 - 2009-07-14 05:45 - 00015280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 16:09 - 2009-07-14 05:45 - 00015280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 15:53 - 2014-07-04 16:10 - 00000000 ____D () C:\Users\erik\AppData\Local\LogMeIn Hamachi
2015-02-01 15:47 - 2013-05-09 16:23 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3BECF3B6-F14F-4810-917F-AC6386C003B6}
2015-02-01 15:40 - 2014-10-03 22:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 15:27 - 2014-11-08 12:35 - 00000000 ____D () C:\ProgramData\VMware
2015-02-01 15:26 - 2014-03-30 18:41 - 00082251 _____ () C:\Windows\setupact.log
2015-02-01 15:25 - 2013-10-16 19:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 15:25 - 2013-05-09 16:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-01 15:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 11:41 - 2014-10-03 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-31 21:03 - 2014-03-30 18:40 - 00045352 _____ () C:\Windows\PFRO.log
2015-01-31 21:02 - 2014-02-10 19:18 - 00000000 ____D () C:\AdwCleaner
2015-01-31 18:52 - 2013-10-19 15:57 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-31 18:52 - 2013-05-10 08:27 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-31 18:52 - 2013-05-09 20:19 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-31 18:48 - 2013-09-08 09:30 - 00000000 ____D () C:\ProgramData\Origin
2015-01-31 18:07 - 2013-05-19 18:05 - 00000000 ____D () C:\Users\erik\AppData\Roaming\TS3Client
2015-01-31 17:32 - 2014-04-20 19:36 - 00000000 ____D () C:\Users\erik\AppData\Local\Arma 3
2015-01-31 10:11 - 2014-06-02 18:05 - 00000000 ____D () C:\Users\erik\Desktop\Fotos
2015-01-31 10:03 - 2013-10-18 14:41 - 00000000 ___RD () C:\Users\erik\Dropbox
2015-01-31 09:59 - 2013-10-18 14:38 - 00000000 ____D () C:\Users\erik\AppData\Roaming\Dropbox
2015-01-30 15:20 - 2014-04-20 19:36 - 00000000 ____D () C:\Users\erik\Documents\Arma 3
2015-01-25 12:14 - 2013-05-09 19:59 - 00000000 ____D () C:\Users\erik\AppData\Roaming\.minecraft
2015-01-25 11:38 - 2013-10-16 19:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 11:38 - 2013-10-16 19:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 11:38 - 2013-10-16 19:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 10:55 - 2014-09-10 22:55 - 00000000 ____D () C:\Users\erik\AppData\Local\Adobe
2015-01-25 10:46 - 2013-06-16 10:15 - 00000000 ____D () C:\Windows\pss
2015-01-24 16:27 - 2014-04-24 16:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 11:23 - 2011-04-13 11:07 - 00023743 _____ () C:\Windows\Ascd_tmp.ini
2015-01-21 11:22 - 2011-04-13 11:07 - 00001769 _____ () C:\Windows\Language_trs.ini
2015-01-14 21:14 - 2013-07-05 13:48 - 00000000 ____D () C:\Users\erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-14 11:32 - 2014-07-17 12:41 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-11 10:25 - 2013-05-28 10:51 - 00000000 ____D () C:\Users\erik\AppData\Roaming\vlc
2015-01-06 04:36 - 2013-05-09 17:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 14:16 - 2013-10-17 19:37 - 00000000 ____D () C:\Users\erik\AppData\Roaming\avidemux
2015-01-04 14:02 - 2013-10-17 19:29 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-01-02 14:42 - 2013-05-10 15:12 - 00000000 ____D () C:\Users\erik\AppData\Roaming\.technic
2015-01-02 14:41 - 2014-06-07 08:37 - 02346993 _____ () C:\Users\erik\Downloads\TechnicLauncher (1).exe
==================== Files in the root of some directories =======
2014-04-24 17:21 - 2014-05-19 15:27 - 0000305 _____ () C:\Users\erik\AppData\Roaming\BreakingPoint_Login.ini
2014-04-24 16:40 - 2014-05-19 15:27 - 0001346 _____ () C:\Users\erik\AppData\Roaming\BreakingPoint_Options.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0000124 _____ () C:\Users\erik\AppData\Roaming\Camdata.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0000408 _____ () C:\Users\erik\AppData\Roaming\CamLayout.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0000408 _____ () C:\Users\erik\AppData\Roaming\CamShapes.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0004546 _____ () C:\Users\erik\AppData\Roaming\CamStudio.cfg
2015-01-06 00:04 - 2015-01-06 00:04 - 0049152 ___SH () C:\Users\erik\AppData\Roaming\Thumbs.db
2014-05-08 16:53 - 2014-05-13 19:14 - 0000096 _____ () C:\Users\erik\AppData\Roaming\version2.xml
2013-07-12 18:45 - 2014-04-08 21:00 - 0008704 _____ () C:\Users\erik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 16:46 - 2015-02-01 16:46 - 0005236 _____ () C:\Users\erik\AppData\Local\recently-used.xbel
2014-04-24 19:47 - 2014-06-19 12:12 - 0007613 _____ () C:\Users\erik\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\erik\ich.bat
Some content of TEMP:
====================
C:\Users\erik\AppData\Local\Temp\avgnt.exe
C:\Users\erik\AppData\Local\Temp\bdfilters.dll
C:\Users\erik\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiymhay.dll
C:\Users\erik\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\erik\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\erik\AppData\Local\Temp\jre-8u20-windows-au.exe
C:\Users\erik\AppData\Local\Temp\msxml6-KB927977-enu-amd64.exe
C:\Users\erik\AppData\Local\Temp\msxml6-KB927977-enu-x86.exe
C:\Users\erik\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\erik\AppData\Local\Temp\nvStInst.exe
C:\Users\erik\AppData\Local\Temp\optprosetup.exe
C:\Users\erik\AppData\Local\Temp\paint.net.4.0.3.install.exe
C:\Users\erik\AppData\Local\Temp\YgoUpdater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-30 13:15
==================== End Of Log ============================
--- --- --- Und die Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by erik at 2015-02-01 17:25:11
Running from C:\Users\erik\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
0 A.D. (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\0 A.D.) (Version: r15849-alpha - Wildfire Games)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version: - Jagex Limited)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - )
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.2.0 - Auslogics Labs Pty Ltd)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bad Piggies (HKLM-x32\...\{9524C306-CC16-44A0-82AA-996409D1A059}) (Version: 1.3.0.0 - Rovio Entertainment Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Best Of Wacht Am Rhein Mappack version 1.0 (HKLM-x32\...\{76BD67A8-13C7-4508-A767-3AC6DBFA6C02}_is1) (Version: 1.0 - [F|H] & [762])
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon iP4500 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Countryball World Alpha Demo (HKLM-x32\...\{F07AB58A-8749-4E5B-87D6-E8A1BF443CA0}) (Version: 1.0 - Ihr Firmenname)
Craften Terminal 3.5.5 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 3.5.5 - Craften.de)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DivxToDVD 0.5.2b (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
Dr. Hardware 2014 14.0d (HKLM-x32\...\Dr. Hardware 2014_is1) (Version: - Peter A. Gebhard)
DriverToolkit version 8.4.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.4.0.0 - Megaify Software)
Dropbox (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dxtory version 2.0.128 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.128 - ExKode Co. Ltd.)
Empire Earth II Demo (HKLM-x32\...\{03814958-6B1C-43FE-A6D4-D49EA1E5D524}) (Version: 1.1 - Sierra)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free DVD Video Burner version 3.2.7.925 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: 3.2.7.925 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
FreeCAD 0.13 (HKLM-x32\...\{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}) (Version: 0.13.1828 - Juergen Riegel (FreeCAD@juergen-riegel.net))
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MEDUSA4 PERSONAL V5.1.2 (HKLM-x32\...\MEDUSA4_PERSONAL_V5_1_2) (Version: V5.1.2 - CAD Schroer)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{66dd4460-4642-441a-9e2d-29fcaac99c37}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PerfectSphere (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\ce2965ae71956536) (Version: 1.0.0.0 - Cameron MacFarland)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PlanetSide 2 (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Red Orchestra: Ostfront 41-45 (HKLM-x32\...\Steam App 1213) (Version: - )
Registry System Wizard.NET (HKLM\...\{110ED870-1DF3-4574-A679-E2C4A8163211}_is1) (Version: 0.13.731.51 - WinFAQ)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VMware Server (HKLM-x32\...\{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}) (Version: 2.0.0.2712 - VMware, Inc.)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> E:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {055A0A63-820A-43FF-8709-37F9E1433918} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {07DFEED0-CAC1-4FC8-9F1C-FF4F3AF3C228} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {27D2C4CE-0022-468D-ACB9-31CBF55B60A3} - \Apps Hat Mini-enabler No Task File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe
Task: {2F9EFF80-E49F-4869-88A8-EE4C3282DCEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {3AE176B9-9D23-4573-B0AF-22F3BDCE80C3} - \Apps Hat Mini-updater No Task File <==== ATTENTION
Task: {5668B963-B27D-4661-9810-8FBDB539F8BB} - \Apps Hat Mini-firefoxinstaller No Task File <==== ATTENTION
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe
Task: {63B454DE-0DE5-40A3-BB2E-171734EC52AA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {63FC5323-C164-4285-A79A-88B9DD9083F4} - \BrowserDefendert No Task File <==== ATTENTION
Task: {989EC81D-4512-4226-AAD5-1BDF03232D33} - \Apps Hat Mini-chromeinstaller No Task File <==== ATTENTION
Task: {A34CAABE-B65A-427A-8CD4-7DB32579A26F} - \Apps Hat Mini-codedownloader No Task File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {C7AD8E14-42BA-4584-8BEC-30CF16AC848F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {C8B8F568-9ADA-4B74-B57F-A33B576316F8} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe
Task: {D273A9E4-5A8C-4A72-B5D3-502D856B9788} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {FB4451A4-055D-41D4-B37E-C81C685B974F} - System32\Tasks\pricesparrowSWU => Cscript.exe "C:\Program Files (x86)\PriceSparrow\Internet Explorer\swu.vbs"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-05-09 16:22 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-08 20:41 - 2007-09-02 12:58 - 00495616 _____ () E:\Program Files (x86)\RocketDock\RocketDock.exe
2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-05-09 20:19 - 2014-07-02 13:52 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-10-20 15:21 - 2009-10-20 15:21 - 00322096 _____ () C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
2014-05-08 20:41 - 2007-09-02 12:57 - 00069632 _____ () E:\Program Files (x86)\RocketDock\RocketDock.dll
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Server\libxml2.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Server\zlib1.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 17091120 _____ () C:\Program Files (x86)\VMware\VMware Server\types.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 05196336 _____ () C:\Program Files (x86)\VMware\VMware Server\platform.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 01100336 _____ () C:\Program Files (x86)\VMware\VMware Server\common.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02153008 _____ () C:\Program Files (x86)\VMware\VMware Server\hostsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00318000 _____ () C:\Program Files (x86)\VMware\VMware Server\internalsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00653872 _____ () C:\Program Files (x86)\VMware\VMware Server\nfcsvc.dll
2009-10-20 14:01 - 2009-10-20 14:01 - 00842288 _____ () C:\Program Files (x86)\VMware\VMware Server\libeay32.dll
2009-10-20 14:01 - 2009-10-20 14:01 - 00162352 _____ () C:\Program Files (x86)\VMware\VMware Server\ssleay32.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02894384 _____ () C:\Program Files (x86)\VMware\VMware Server\diskLibWrapper.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00178736 _____ () C:\Program Files (x86)\VMware\VMware Server\proxysvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00834096 _____ () C:\Program Files (x86)\VMware\VMware Server\solo.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00404016 _____ () C:\Program Files (x86)\VMware\VMware Server\statssvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00096816 _____ () C:\Program Files (x86)\VMware\VMware Server\supportsvc.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 00117296 _____ () C:\Program Files (x86)\VMware\VMware Server\vcsvc.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02767408 _____ () C:\Program Files (x86)\VMware\VMware Server\vimsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 02718256 _____ () C:\Program Files (x86)\VMware\VMware Server\vmsvc.dll
2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-07-26 01:32 - 2014-07-26 01:32 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2015-02-01 16:04 - 2014-02-17 19:13 - 00092984 _____ () C:\Program Files (x86)\DriverToolkit\zlibwapi.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^erik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^erik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\erik\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Apps Hat => C:\Users\erik\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
MSCONFIG\startupreg: AppsHat => C:\Users\erik\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CanonMyPrinter => E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Dxtory Update Checker 2.0 => E:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe
MSCONFIG\startupreg: EADM => "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Ocs_SM => C:\Users\erik\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: WebCake Desktop => "C:\Users\erik\AppData\Roaming\Web Cake\WebCakeDesktop.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-1290900567-4276527035-1124842236-500 - Administrator - Disabled)
erik (S-1-5-21-1290900567-4276527035-1124842236-1000 - Administrator - Enabled) => C:\Users\erik
fbwuser (S-1-5-21-1290900567-4276527035-1124842236-1004 - Limited - Disabled) => C:\Users\fbwuser
Gast (S-1-5-21-1290900567-4276527035-1124842236-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1290900567-4276527035-1124842236-1002 - Limited - Enabled)
__vmware_user__ (S-1-5-21-1290900567-4276527035-1124842236-1006 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Hotspot Shield Routing Driver 6
Description: Hotspot Shield Routing Driver 6
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HssDRV6
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/01/2015 05:25:14 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Der angegebene Dienst ist kein installierter Dienst.
] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (02/01/2015 05:25:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070424, Der angegebene Dienst ist kein installierter Dienst.
]
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (02/01/2015 04:46:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)
Error: (02/01/2015 04:46:48 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=2350} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)
Error: (02/01/2015 03:28:02 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (02/01/2015 03:28:01 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (02/01/2015 03:28:00 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (02/01/2015 03:27:58 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (02/01/2015 03:27:33 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0
Error: (02/01/2015 00:37:01 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Der angegebene Dienst ist kein installierter Dienst.
] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: -1
Snapshotkontext: -1
Ausführungskontext: Coordinator
System errors:
=============
Error: (02/01/2015 04:04:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/01/2015 03:27:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
HssDRV6
Error: (02/01/2015 03:26:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (02/01/2015 03:26:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (02/01/2015 03:25:07 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (02/01/2015 11:39:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2887069)
Error: (02/01/2015 11:35:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
HssDRV6
Error: (02/01/2015 11:34:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (02/01/2015 11:34:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (02/01/2015 11:33:45 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Microsoft Office Sessions:
=========================
Error: (02/01/2015 05:25:14 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070424, Der angegebene Dienst ist kein installierter Dienst.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (02/01/2015 05:25:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070424, Der angegebene Dienst ist kein installierter Dienst.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (02/01/2015 04:46:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)
The catalog is corrupt
Error: (02/01/2015 04:46:48 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)
2350
Error: (02/01/2015 03:28:02 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (02/01/2015 03:28:01 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (02/01/2015 03:28:00 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (02/01/2015 03:27:58 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (02/01/2015 03:27:33 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0
Error: (02/01/2015 00:37:01 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070424, Der angegebene Dienst ist kein installierter Dienst.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: -1
Snapshotkontext: -1
Ausführungskontext: Coordinator
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 27%
Total physical RAM: 8168.79 MB
Available physical RAM: 5955.75 MB
Total Pagefile: 8166.97 MB
Available Pagefile: 5815.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:195.31 GB) (Free:15.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (media) (Fixed) (Total:503.32 GB) (Free:161.54 GB) NTFS
Drive f: (PETER) (Removable) (Total:3.74 GB) (Free:2.88 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: E4AD593A)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=503.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 87347395)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)
==================== End Of Log ============================
|
|
01.02.2015, 19:42
| #4 |
| /// the machine /// TB-Ausbilder | Internetproblem durch Schadsoftware hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.02.2015, 20:05
| #5 |
| | Internetproblem durch Schadsoftware Meinen allegrößten Dank an dich!, Das Internet funktioniert wieder. :-) Der Vorgang lief soweit gut, Virenprogramm Avira wurde deaktiviert, es kam aber während dem Scanvorgangvorgang eine Meldung, das ein Programm Zugriff auf die Regestry hat. Code:
ATTFilter ComboFix 15-01-29.01 - erik 01.02.2015 19:49:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8169.6090 [GMT 1:00]
ausgeführt von:: c:\users\erik\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\erik\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\erik\AppData\Roaming\0ad
c:\users\erik\AppData\Roaming\0ad\config\user.cfg
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-01-01 bis 2015-02-01 ))))))))))))))))))))))))))))))
.
.
2015-02-01 16:24 . 2015-02-01 16:25 -------- d-----w- C:\FRST
2015-02-01 15:04 . 2015-02-01 15:04 -------- d-----w- c:\users\erik\AppData\Local\DriverToolkit
2015-02-01 15:04 . 2015-02-01 15:04 -------- d-----w- c:\program files (x86)\DriverToolkit
2015-02-01 15:03 . 2015-02-01 15:03 -------- d-----w- c:\programdata\Hotspot Shield
2015-02-01 15:03 . 2015-02-01 15:03 -------- d-----w- c:\program files (x86)\Hotspot Shield
2015-02-01 15:03 . 2014-05-17 02:35 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2015-02-01 15:03 . 2015-02-01 15:03 -------- d-----w- c:\users\erik\AppData\Roaming\Hotspot Shield
2015-02-01 11:27 . 2015-02-01 11:27 -------- d-----w- c:\users\erik\AppData\Roaming\WinFAQ
2015-02-01 11:27 . 2006-07-11 20:45 1767 ----a-w- c:\windows\system32\RSWIcon.icl
2015-02-01 11:27 . 2015-02-01 11:27 -------- d-----w- c:\program files\Registry System Wizard.NET
2015-01-31 17:22 . 2013-09-24 10:13 119808 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2015-01-30 11:52 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72A21C32-54BD-476B-965A-9DBAA1CF5A82}\mpengine.dll
2015-01-04 13:01 . 2015-01-04 13:01 -------- d-----w- c:\users\erik\AppData\Local\ExKode Co. Ltd
2015-01-04 12:56 . 2015-01-04 12:56 -------- d-----w- c:\users\erik\AppData\Local\Dxtory Software
2015-01-04 12:56 . 2014-06-08 21:14 2508336 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2015-01-04 12:56 . 2014-06-08 21:14 2610736 ----a-w- c:\windows\system32\DxtoryCodec.dll
2015-01-03 20:26 . 2015-01-03 20:26 -------- d-----w- c:\users\erik\AppData\Roaming\BANDISOFT
2015-01-03 20:25 . 2015-01-03 20:25 -------- d-----w- c:\program files (x86)\BandiMPEG1
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-01 14:40 . 2014-10-03 21:31 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-31 17:52 . 2013-10-19 14:57 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-01-31 17:52 . 2013-05-10 07:27 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-01-31 17:52 . 2013-05-09 19:19 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-01-25 10:38 . 2013-10-16 18:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 10:38 . 2013-10-16 18:14 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 10:32 . 2014-07-17 11:41 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-01-06 03:36 . 2013-05-09 16:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-11-21 08:38 . 2014-12-11 15:17 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-21 08:38 . 2014-12-11 15:17 2237952 ----a-w- c:\windows\system32\wininet.dll
2014-11-21 08:37 . 2014-12-11 15:17 600576 ----a-w- c:\windows\system32\vbscript.dll
2014-11-21 08:37 . 2014-12-11 15:17 1409536 ----a-w- c:\windows\system32\urlmon.dll
2014-11-21 08:36 . 2014-12-11 15:17 197120 ----a-w- c:\windows\system32\msrating.dll
2014-11-21 08:36 . 2014-12-11 15:17 19283456 ----a-w- c:\windows\system32\mshtml.dll
2014-11-21 08:36 . 2014-12-11 15:17 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-21 08:36 . 2014-12-11 15:17 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-21 08:36 . 2014-12-11 15:17 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-21 08:36 . 2014-12-11 15:17 3959296 ----a-w- c:\windows\system32\jscript9.dll
2014-11-21 08:36 . 2014-12-11 15:17 855552 ----a-w- c:\windows\system32\jscript.dll
2014-11-21 08:36 . 2014-12-11 15:17 15400960 ----a-w- c:\windows\system32\ieframe.dll
2014-11-21 08:36 . 2014-12-11 15:17 2655232 ----a-w- c:\windows\system32\iertutil.dll
2014-11-21 08:36 . 2014-12-11 15:17 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-11-21 08:36 . 2014-12-11 15:17 526336 ----a-w- c:\windows\system32\ieui.dll
2014-11-21 08:36 . 2014-12-11 15:17 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-11-21 08:36 . 2014-12-11 15:17 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-21 08:36 . 2014-12-11 15:17 255488 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-21 08:36 . 2014-12-11 15:17 451584 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-21 08:36 . 2014-12-11 15:17 281600 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-21 08:35 . 2014-12-11 15:17 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-21 07:17 . 2014-12-11 15:17 1762816 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 07:17 . 2014-12-11 15:17 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-21 07:16 . 2014-12-11 15:17 2861568 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-21 07:16 . 2014-12-11 15:17 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-11-21 07:16 . 2014-12-11 15:17 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-21 07:16 . 2014-12-11 15:17 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-21 07:00 . 2014-12-11 15:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-21 06:54 . 2014-12-11 15:17 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-21 06:31 . 2014-12-11 15:17 441856 ----a-w- c:\windows\system32\html.iec
2014-11-21 06:24 . 2014-12-11 15:17 361984 ----a-w- c:\windows\SysWow64\html.iec
2014-11-21 06:05 . 2014-12-11 15:17 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-11-21 05:59 . 2014-12-11 15:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-11-21 05:14 . 2014-10-03 21:30 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-10-03 21:30 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-01-24 18:51 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-16 17:57 . 2014-11-16 17:57 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2014-11-11 03:09 . 2014-12-11 15:17 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 17:07 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 17:07 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 15:17 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 17:07 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 17:07 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-26 18:36 220632 ----a-w- c:\users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-26 18:36 220632 ----a-w- c:\users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-26 18:36 220632 ----a-w- c:\users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
.
c:\users\erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\erik\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\erik\AppData\Local\Temp\EverestDriver.sys;c:\users\erik\AppData\Local\Temp\EverestDriver.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 Origin Client Service;Origin Client Service;e:\program files (x86)\Origin\OriginClientService.exe;e:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RDID1079;UA-25EX;c:\windows\system32\Drivers\rdwm1079.sys;c:\windows\SYSNATIVE\Drivers\rdwm1079.sys [x]
R3 RTCore64;RTCore64;e:\program files (x86)\MSI Afterburner\RTCore64.sys;e:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\erik\Downloads\OpenHardwareMonitor\OpenHardwareMonitor.sys;c:\users\erik\Downloads\OpenHardwareMonitor\OpenHardwareMonitor.sys [x]
R3 wolf;wolf;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys;c:\windows\SYSNATIVE\drivers\DRHARD64.sys [x]
S2 DRHMSR64;DRHMSR64;c:\windows\system32\drivers\DRHMSR64.sys;c:\windows\SYSNATIVE\drivers\DRHMSR64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;e:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;e:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;e:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S2 VMwareHostd;VMware Host Agent;c:\program files (x86)\VMware\VMware Server\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Server\vmware-hostd.exe [x]
S2 VMwareServerWebAccess;VMware Server Web Access;c:\program files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe;c:\program files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-27 17:00 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-16 10:38]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16 18:08]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16 18:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-26 18:36 244696 ----a-w- c:\users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-26 18:36 244696 ----a-w- c:\users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-26 18:36 244696 ----a-w- c:\users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uSearchAssistant = hxxp://www.google.com
LSP: c:\program files (x86)\VMware\VMware Server\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1290900567-4276527035-1124842236-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1290900567-4276527035-1124842236-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\users\erik\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Server\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
e:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\users\erik\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-01 20:02:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-02-01 19:02
.
Vor Suchlauf: 15 Verzeichnis(se), 16.568.856.576 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 18.205.298.688 Bytes frei
.
- - End Of File - - 861E18459BBBE9444B59A252E6ED29D5
|
|
02.02.2015, 09:06
| #6 |
| /// the machine /// TB-Ausbilder | Internetproblem durch Schadsoftware Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Internetproblem durch Schadsoftware |
|
10.02.2015, 20:01
| #7 |
| | Internetproblem durch Schadsoftware mbam.txt: Code:
ATTFilter Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: erik
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 389752
Verstrichene Zeit: 10 Min, 24 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 2
PUP.Optional.Softonic, C:\Users\erik\Downloads\SoftonicDownloader_for_empire-earth.exe, In Quarantäne, [ddf4ef2d98f2e84efdbf3c1e0df3eb15],
PUP.Optional.Eguide, C:\Users\erik\Downloads\xxlpack-Downloader.exe, In Quarantäne, [29a875a7800a93a38f9ae47a57a9f20e],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 10/02/2015 um 19:02:12
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : erik - ERIK-PC
# Gestarted von : C:\Users\erik\Desktop\AdwCleaner_4.110.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : hshld
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm
Datei Gelöscht : C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
***** [ Geplante Tasks ] *****
Task Gelöscht : Apps Hat Mini-chromeinstaller
Task Gelöscht : Apps Hat Mini-codedownloader
Task Gelöscht : Apps Hat Mini-enabler
Task Gelöscht : Apps Hat Mini-firefoxinstaller
Task Gelöscht : Apps Hat Mini-updater
Task Gelöscht : BrowserDefendert
Task Gelöscht : pricesparrowSWU
Task Gelöscht : ProgramRefresh-ATFST
Task Gelöscht : ProgramUpdateCheck
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Internetbrowser ] *****
-\\ Internet Explorer v10.0.9200.17183
-\\ Google Chrome v40.0.2214.111
[C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaPuJho93q_rwYmLYBecCau0A8gUQbjoqmOnNhA-ii0c-HYUPffIQO5CVR719kkQbfw02Jn_zlvjJTmseauaZm1Svdri9mPpE1PkBvH9gHeAMFGs6SNz8QSInQbB3fC5RElhnpc8P8rNDADRRA05zQuHOhG8BXROw9yt9JNXcBTIsOAF4o,&q={searchTerms}
[C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320845&octid=EB_ORIGINAL_CTID&ISID=M04C1644D-9F93-49F6-8C68-FFCB01C2815D&SearchSource=58&CUI=&UM=5&UP=SP46106998-4E96-4CDC-A5E9-085FF7685E06&q={searchTerms}&SSPV=
[C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1416429468&from=cvs2&uid=WDCXWD7502AAEX-00Y9A0_WD-WCAW3055470354703&q={searchTerms}
[C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1416429468&from=cvs2&uid=WDCXWD7502AAEX-00Y9A0_WD-WCAW3055470354703&q={searchTerms}
[C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1416429468&from=cvs2&uid=WDCXWD7502AAEX-00Y9A0_WD-WCAW3055470354703&q={searchTerms}
[C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1416429468&from=cvs2&uid=WDCXWD7502AAEX-00Y9A0_WD-WCAW3055470354703&q={searchTerms}
*************************
AdwCleaner[R0].txt - [5691 Bytes] - [10/02/2014 19:18:42]
AdwCleaner[R1].txt - [6250 Bytes] - [26/03/2014 20:32:05]
AdwCleaner[R2].txt - [8975 Bytes] - [13/11/2014 17:56:51]
AdwCleaner[R3].txt - [9939 Bytes] - [19/11/2014 21:43:02]
AdwCleaner[R4].txt - [1832 Bytes] - [20/11/2014 14:39:25]
AdwCleaner[R5].txt - [3602 Bytes] - [31/01/2015 20:51:12]
AdwCleaner[R6].txt - [3666 Bytes] - [31/01/2015 20:55:17]
AdwCleaner[R7].txt - [4175 Bytes] - [10/02/2015 19:00:13]
AdwCleaner[R8].txt - [4175 Bytes] - [10/02/2015 19:00:33]
AdwCleaner[S0].txt - [5271 Bytes] - [10/02/2014 19:22:31]
AdwCleaner[S1].txt - [5280 Bytes] - [26/03/2014 20:34:12]
AdwCleaner[S2].txt - [8012 Bytes] - [13/11/2014 18:01:32]
AdwCleaner[S3].txt - [8145 Bytes] - [19/11/2014 21:44:18]
AdwCleaner[S4].txt - [1440 Bytes] - [20/11/2014 14:44:45]
AdwCleaner[S5].txt - [3367 Bytes] - [31/01/2015 21:02:48]
AdwCleaner[S6].txt - [3998 Bytes] - [10/02/2015 19:02:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [4057 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by erik on 10.02.2015 at 19:10:21,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.02.2015 at 19:12:12,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
11.02.2015, 07:37
| #8 |
| /// the machine /// TB-Ausbilder | Internetproblem durch SchadsoftwareESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.02.2015, 17:07
| #9 |
| | Internetproblem durch Schadsoftware ESET log.txt Sind 2 Durchgänge, da ich einem einem Tag nicht fertig wurde. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=134aee74cf7a9641b1d7c79c37160468
# engine=22611
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-23 09:17:26
# local_time=2015-02-23 10:17:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 25475 56609132 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 304993 176356096 0 0
# scanned=78867
# found=44
# cleaned=0
# scan_time=3426
sh=07420D985C199AD29770A0EFA84C0444FB5993FE ft=1 fh=b7625a5ced23428a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1290900567-4276527035-1124842236-1000\$RNIBTJ4.exe"
sh=16714534232C63B22C439E8A69DD083E1EC2A846 ft=1 fh=40849a6985947c00 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1290900567-4276527035-1124842236-1000\$ROZHKT4.exe"
sh=2D99777AA5079A44603999A35D80A7B4FBE5F859 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\50301.crx.vir"
sh=985E2705F9E06CAB63E5E8E8EBAAD7A740B0AAF6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\50301.xpi.vir"
sh=F5417D25A7B374E2831B4D77C19E56CD48A9AD1C ft=1 fh=e973c85d0c631798 vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\Apps Hat Mini-bho64.dll.vir"
sh=4F9D4655CA1CCDAE0C18D819F38362C457F11DD0 ft=1 fh=c71c00113096d58d vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\Apps Hat Mini-buttonutil64.dll.vir"
sh=5B8AA5974065FBD70737E3040461560A5B513E34 ft=1 fh=ba537ea2015c72e9 vn="Win32/Toolbar.CrossRider.BQ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\Apps Hat Mini-helper.exe.vir"
sh=067DC7F1CD4C3D98E09058E50DB5B1D23924FEFD ft=1 fh=5fee560ec51f2e7b vn="Variante von Win32/Toolbar.CrossRider.BP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\Uninstall.exe.vir"
sh=FE4D1396D09A8BEEA713A51AAD80F6E7D30A2D20 ft=1 fh=28a1e24a3a9dbac8 vn="Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\utils.exe.vir"
sh=648D2E1D8CCC0279CEDA1AE430F205BA352293EB ft=1 fh=ac98657aa166f495 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\PCSUSD.exe.vir"
sh=6DCDA9489313626691A855B7347C390EE16D850B ft=1 fh=49c4a133e8830a84 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=C31008D1F356D816C3A66E0EF7278E962A09AC36 ft=1 fh=d3bfdb38f4517eb3 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=AE99F3913DAFB4613D860013506468FE6CFBC6CA ft=1 fh=820774852fd46b31 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=6ACEC48DB72D78F4BBC74CDF2F050CA9844011DE ft=1 fh=913d6f7e43cf9a20 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=73A1201E4F760BD40127782ADBD1F92A30A45BE7 ft=1 fh=4abdc732bfb36eb5 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=718B748E747E83E8D5D280DC66B1A6B8F4FB3F16 ft=1 fh=43542fbb1e93fe56 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=130C40D4D9C166704F255BDF099687A9D90206DA ft=1 fh=628d0aefb3278aa3 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=4379902203EC8FE53504DB6756C0CB63C53D99FB ft=1 fh=d2c3900fcc9f9921 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=ED40B2B4E996FFB783785672E220DB5136CF4678 ft=1 fh=be873a265e76269a vn="Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\uninstall.exe.vir"
sh=C0432B4C993A20388EDEE793E0FEC369AF1FD87F ft=1 fh=966ece101a06911f vn="Win32/Wajam.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Wajam Internet Enhancer\setup.exe.vir"
sh=CC0E55892F6CE9CD3202B22B0968EA4E13FABB76 ft=1 fh=cf6ce51022f61cba vn="Variante von MSIL/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe.vir"
sh=99D2D956F2C7CF18DA947F16162E3BA6C63477B6 ft=1 fh=c71c0011fcaba2de vn="Win32/Wajam.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe.vir"
sh=84616836894B9CACA83D683872A132424128D9CB ft=1 fh=23b3d2b5787c7150 vn="Win32/ELEX.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\102_dealply_m.js.vir"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=9E450F6FAC72A5A25FD4EDECE0CF5D3885230235 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\190_pops_5_m.js.vir"
sh=1C11431100002928B21CADA701E3D80CDBEFB6A2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=2F52278A196CC0D92BE8A39C79A4A4DA1175FDA5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=24381D4F7C6B28C7D6CD460AB3FA42301B0A5CDC ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=78291A99C56B070EA0908A09C9ED4823F72C6A31 ft=1 fh=303c525d22b897e4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\ocs_v7a.exe.vir"
sh=887837EF98F416D96FA525721AC5B88B6EE179D8 ft=1 fh=a37f5c05b7c3e434 vn="Win32/DownloadAdmin.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\47c0f421415f14f8d862257a52076ab2\Hotspot-Shield-649.exe.vir"
sh=A6222AA20A0998A2FEF5E20BAF49E4628AE96CF4 ft=1 fh=088172dd3b097904 vn="MSIL/MyPCBackup.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\a1e306de2b424c98120a7e3da5c17d6b\disk-defrag-setup-4.5.1.exe.vir"
sh=2552432501BB1817A86FB4CD141C2AA1B8E34650 ft=1 fh=d4b3877a3411dcbb vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\accee398d56e30b768f190d8ff1eb83e\pcspeedup.exe.vir"
sh=AF30C69B7002B44624735FFD6D87A2B90A2E1C85 ft=1 fh=6e845fa31fcfc7c2 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir"
sh=769727FD17408B4FB051A5062DAE6C45EFDE7288 ft=1 fh=f7eaf69907b5b1c6 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Roaming\Web Cake\dat\Dora.dat.vir"
sh=048073A3C044D44A644E933FB066E2CDC3A6C2D4 ft=1 fh=0dd9957f42ce1690 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Roaming\Web Cake\dat\Maintain.dat.vir"
sh=4DFDDD41FEC5F240AFAB959EDA0FC39925E02F2A ft=1 fh=adb82df7b379013a vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Roaming\Web Cake\dat\Paladin.dat.vir"
sh=780B558BAFED2423FB54F8D9B05599018E80AF87 ft=1 fh=845e21fd0df02840 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R6HDQC2\SPIdentifierImpl[1].exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GFP339GY\SPSetup[1].exe"
sh=47B19AB97028D8925579BED54EFEE88C8107D6B6 ft=1 fh=34f71966959b3eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\AppData\Local\Temp\DMR\dmr_72.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=134aee74cf7a9641b1d7c79c37160468
# engine=22689
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-28 03:26:00
# local_time=2015-02-28 04:26:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 24259 57020046 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 63829 176767010 0 0
# scanned=349053
# found=85
# cleaned=0
# scan_time=9514
sh=07420D985C199AD29770A0EFA84C0444FB5993FE ft=1 fh=b7625a5ced23428a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1290900567-4276527035-1124842236-1000\$RNIBTJ4.exe"
sh=16714534232C63B22C439E8A69DD083E1EC2A846 ft=1 fh=40849a6985947c00 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1290900567-4276527035-1124842236-1000\$ROZHKT4.exe"
sh=2D99777AA5079A44603999A35D80A7B4FBE5F859 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\50301.crx.vir"
sh=985E2705F9E06CAB63E5E8E8EBAAD7A740B0AAF6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\50301.xpi.vir"
sh=F5417D25A7B374E2831B4D77C19E56CD48A9AD1C ft=1 fh=e973c85d0c631798 vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\Apps Hat Mini-bho64.dll.vir"
sh=4F9D4655CA1CCDAE0C18D819F38362C457F11DD0 ft=1 fh=c71c00113096d58d vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\Apps Hat Mini-buttonutil64.dll.vir"
sh=5B8AA5974065FBD70737E3040461560A5B513E34 ft=1 fh=ba537ea2015c72e9 vn="Win32/Toolbar.CrossRider.BQ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\Apps Hat Mini-helper.exe.vir"
sh=067DC7F1CD4C3D98E09058E50DB5B1D23924FEFD ft=1 fh=5fee560ec51f2e7b vn="Variante von Win32/Toolbar.CrossRider.BP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\Uninstall.exe.vir"
sh=FE4D1396D09A8BEEA713A51AAD80F6E7D30A2D20 ft=1 fh=28a1e24a3a9dbac8 vn="Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Apps Hat Mini\utils.exe.vir"
sh=648D2E1D8CCC0279CEDA1AE430F205BA352293EB ft=1 fh=ac98657aa166f495 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\PCSUSD.exe.vir"
sh=6DCDA9489313626691A855B7347C390EE16D850B ft=1 fh=49c4a133e8830a84 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=C31008D1F356D816C3A66E0EF7278E962A09AC36 ft=1 fh=d3bfdb38f4517eb3 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=AE99F3913DAFB4613D860013506468FE6CFBC6CA ft=1 fh=820774852fd46b31 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=6ACEC48DB72D78F4BBC74CDF2F050CA9844011DE ft=1 fh=913d6f7e43cf9a20 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=73A1201E4F760BD40127782ADBD1F92A30A45BE7 ft=1 fh=4abdc732bfb36eb5 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=718B748E747E83E8D5D280DC66B1A6B8F4FB3F16 ft=1 fh=43542fbb1e93fe56 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=130C40D4D9C166704F255BDF099687A9D90206DA ft=1 fh=628d0aefb3278aa3 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=4379902203EC8FE53504DB6756C0CB63C53D99FB ft=1 fh=d2c3900fcc9f9921 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=ED40B2B4E996FFB783785672E220DB5136CF4678 ft=1 fh=be873a265e76269a vn="Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\uninstall.exe.vir"
sh=C0432B4C993A20388EDEE793E0FEC369AF1FD87F ft=1 fh=966ece101a06911f vn="Win32/Wajam.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Wajam Internet Enhancer\setup.exe.vir"
sh=CC0E55892F6CE9CD3202B22B0968EA4E13FABB76 ft=1 fh=cf6ce51022f61cba vn="Variante von MSIL/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe.vir"
sh=99D2D956F2C7CF18DA947F16162E3BA6C63477B6 ft=1 fh=c71c0011fcaba2de vn="Win32/Wajam.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe.vir"
sh=84616836894B9CACA83D683872A132424128D9CB ft=1 fh=23b3d2b5787c7150 vn="Win32/ELEX.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\102_dealply_m.js.vir"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=9E450F6FAC72A5A25FD4EDECE0CF5D3885230235 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\190_pops_5_m.js.vir"
sh=1C11431100002928B21CADA701E3D80CDBEFB6A2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=2F52278A196CC0D92BE8A39C79A4A4DA1175FDA5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbibhpbpkppfpcgopfbkokifpfiacdok\1.26.22_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=24381D4F7C6B28C7D6CD460AB3FA42301B0A5CDC ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=78291A99C56B070EA0908A09C9ED4823F72C6A31 ft=1 fh=303c525d22b897e4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\ocs_v7a.exe.vir"
sh=887837EF98F416D96FA525721AC5B88B6EE179D8 ft=1 fh=a37f5c05b7c3e434 vn="Win32/DownloadAdmin.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\47c0f421415f14f8d862257a52076ab2\Hotspot-Shield-649.exe.vir"
sh=A6222AA20A0998A2FEF5E20BAF49E4628AE96CF4 ft=1 fh=088172dd3b097904 vn="MSIL/MyPCBackup.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\a1e306de2b424c98120a7e3da5c17d6b\disk-defrag-setup-4.5.1.exe.vir"
sh=2552432501BB1817A86FB4CD141C2AA1B8E34650 ft=1 fh=d4b3877a3411dcbb vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\accee398d56e30b768f190d8ff1eb83e\pcspeedup.exe.vir"
sh=AF30C69B7002B44624735FFD6D87A2B90A2E1C85 ft=1 fh=6e845fa31fcfc7c2 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir"
sh=769727FD17408B4FB051A5062DAE6C45EFDE7288 ft=1 fh=f7eaf69907b5b1c6 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Roaming\Web Cake\dat\Dora.dat.vir"
sh=048073A3C044D44A644E933FB066E2CDC3A6C2D4 ft=1 fh=0dd9957f42ce1690 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Roaming\Web Cake\dat\Maintain.dat.vir"
sh=4DFDDD41FEC5F240AFAB959EDA0FC39925E02F2A ft=1 fh=adb82df7b379013a vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\erik\AppData\Roaming\Web Cake\dat\Paladin.dat.vir"
sh=66DBE5018102D85CA57C6E9352DA4601D545D8A7 ft=1 fh=31490f51014fa2ff vn="Variante von Win32/Adware.PicColor.M Anwendung" ac=I fn="C:\ProgramData\968131de5da043f18c27a2bbbfd25883\968131de5da043f18c27a2bbbfd25883.exe"
sh=66DBE5018102D85CA57C6E9352DA4601D545D8A7 ft=1 fh=31490f51014fa2ff vn="Variante von Win32/Adware.PicColor.M Anwendung" ac=I fn="C:\Users\All Users\968131de5da043f18c27a2bbbfd25883\968131de5da043f18c27a2bbbfd25883.exe"
sh=780B558BAFED2423FB54F8D9B05599018E80AF87 ft=1 fh=845e21fd0df02840 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R6HDQC2\SPIdentifierImpl[1].exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GFP339GY\SPSetup[1].exe"
sh=47B19AB97028D8925579BED54EFEE88C8107D6B6 ft=1 fh=34f71966959b3eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\AppData\Local\Temp\DMR\dmr_72.exe"
sh=95C96EE83A934BBD36A6D056721B3EB559AD54CE ft=1 fh=e122114887811058 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\AdwCleaner - CHIP-Downloader (1).exe"
sh=176C091640A733B40FF0D947A30E6CB27222F60B ft=1 fh=e80a7cbf4f00f6ea vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\AdwCleaner - CHIP-Downloader.exe"
sh=5316DB5A68EA351F2817E5618F7AF8AF46F4395F ft=1 fh=bc22fc63966d6040 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Avidemux 32 Bit - CHIP-Downloader.exe"
sh=362C559CF4E67DD2C8BA65919B7F49A3D00CC81B ft=1 fh=601ad105b896c4bb vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\BitZipper2015TrialSetupDe.exe"
sh=089AD6C3C3F91E32EFF8BA6F737BCF73AC5E0269 ft=1 fh=17e875b42f7027a8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\BluetoothView - CHIP-Downloader.exe"
sh=F9EC7DCCBFDE17A6F5263C2CA306E8FA39AD2764 ft=1 fh=2324e7de2cbd76ae vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\CamStudio - CHIP-Downloader (1).exe"
sh=92319DBDE6F47A7884CB303EE6D5CC879574680A ft=1 fh=c51ad367259553de vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\CamStudio - CHIP-Downloader.exe"
sh=F09786B138669A0DCCC8F0C3FCB7639CCC650FAA ft=1 fh=00cb07cccb92874f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\CCleaner - CHIP-Downloader.exe"
sh=727C31F055706C3BBAEB8A20EE7CA1405C715F24 ft=1 fh=b0df9ced064e857e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\CursorFX - CHIP-Downloader.exe"
sh=6333A1F2411E7C52B5AD3DF638061E68D6566749 ft=1 fh=71b72ab2d76beee3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Disk Defrag - CHIP-Downloader.exe"
sh=6D3428674E47CC2F1B7BD3CC610E5C54ACA8133E ft=1 fh=6435ec9dc703d4ec vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\DivxToDVD - CHIP-Installer (1).exe"
sh=CA82A16283253E7AD61A4F150669DABD2B2E76F5 ft=1 fh=aaaf97b889f09ec0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\DivxToDVD - CHIP-Installer.exe"
sh=10AF7BC01300999932F8561450DB3D45C20344B8 ft=1 fh=507f30655799bf95 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Domination - CHIP-Downloader (1).exe"
sh=6C7C9C8084C247EACE3CFF139107816FC1AA08F5 ft=1 fh=5865f6826eeb9ce0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Domination - CHIP-Downloader.exe"
sh=E44492FB46EF55937894FB2CEE7CDB4CB111F5B6 ft=1 fh=ca073a5a9f6e3c32 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Dr Hardware 2014 - CHIP-Downloader.exe"
sh=FB6D6EAEB374157B23FA0A435C88397E31B32820 ft=1 fh=cdd7ccfbb50863f1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Everest Home Edition - CHIP-Downloader.exe"
sh=FBC7BCF59E68E8C08ADAB2DFFEA152AC9F9AF2E9 ft=1 fh=90e6f815b2253680 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\FRAPS - CHIP-Downloader.exe"
sh=72F69927B9F079B7F4EDB889D32A2C75E94E9ED7 ft=1 fh=5de1a78669006c78 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\FunnyVoice - CHIP-Installer.exe"
sh=B9D6EC0C7E8899B99489207BCF313DF0E3AF48B8 ft=1 fh=84574b03d4ae796d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Hotspot Shield VPN - CHIP-Downloader.exe"
sh=24F2D80708A35F88188D52FFDD81FC0A71C7D6C9 ft=1 fh=6ec999985f609117 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\HSS-3.42-install-hss-600-conduit.exe"
sh=CF81A2D9287A64A23082CE477B6327E0E9FE710A ft=1 fh=7fa0ae10b1299842 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe"
sh=1ACDBE9E8106D3B2326F7E6FD08B232AF51080FB ft=1 fh=45fe1c47cab3023f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\LogMeIn Hamachi - CHIP-Installer.exe"
sh=55FB27F89CC5D78EEBE0DB38676A03657BB963E0 ft=1 fh=df18176657f93166 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe"
sh=A9F04693F9C93A09CB5AE6EFF606011E4A7581E7 ft=1 fh=023bc9849174b52a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Minecraft3.0.0.3.exe"
sh=77FDDAA17A4970D70C96E46C085F928B8708A1BD ft=1 fh=de9adeca495d87da vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\MSI Afterburner - CHIP-Downloader.exe"
sh=07420D985C199AD29770A0EFA84C0444FB5993FE ft=1 fh=b7625a5ced23428a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Open Broadcaster Software - CHIP-Installer.exe"
sh=FD87B99C80C26862B3AB5A687EBC5055E15EF4EE ft=1 fh=869caa2142662a73 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Paint NET - CHIP-Downloader (1).exe"
sh=33FC239939FCBC3C445249F31FDC585691445AD1 ft=1 fh=3a3a0757e74d3862 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Paint NET - CHIP-Downloader.exe"
sh=8E4B2582ECA214DD26BF07ECA8E774C65181B00D ft=1 fh=77d3b6358b773d59 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\pbsetup_3.4.exe"
sh=4CC36A04B91963E2E19B5C1EC15AAC95CBC2DFC9 ft=1 fh=7b6dacf3205e557a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\PC Wizard 2013 - CHIP-Downloader.exe"
sh=485883B5554270D39478B5EDAAA34ED0A9A7CAA5 ft=1 fh=365e0a5d7c0c7a0e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\RocketDock - CHIP-Downloader.exe"
sh=45A0A51260A1BE64D5C393F95045382F26DC1717 ft=1 fh=382d7881a5948747 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Scan2PDF - CHIP-Installer.exe"
sh=9A5190017C4AC46B598D70282CC8D340DEF0EFA3 ft=1 fh=c75061f6f991196b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\SketchUp Make 2015 - CHIP-Installer.exe"
sh=DFCF943578DE92970BBB086E33CEA8A6BDFAA700 ft=1 fh=97bfa0834f86b7bb vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\Start Menu X - CHIP-Downloader.exe"
sh=D4C1550D5AB83AB6E1A5D5B10F72FEEDFA7681EB ft=1 fh=5e45a712c571b0f3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\VMware Server - CHIP-Installer.exe"
sh=E352DF430FC2CDB0E988E75866CC05186671BE3B ft=1 fh=5c4390a6b1093be2 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\erik\Downloads\WinScan2PDF_CB-DL-Manager.exe"
sh=FA399A74E1D037E836E0E386AF8FE62C1E14D0D9 ft=1 fh=c6b5d98ab23f6683 vn="Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files (x86)\File Type Assistant\ftacfg.exe"
sh=AB9A1E20050206A9E4EA3FB7B3C3B9368A8229AF ft=1 fh=574e1d79c18cb087 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files (x86)\File Type Assistant\TSASetup.exe"
sh=CDFC725B11EEF83C9E35834231F4A70D1D5CB556 ft=1 fh=89f5b5d673baa91f vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files (x86)\File Type Assistant\tsassist.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Java 8 Update 20
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by erik (administrator) on ERIK-PC on 23-02-2015 21:09:08
Running from C:\Users\erik\Desktop\Computerpobleme
Loaded Profiles: erik (Available profiles: erik & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Apache Software Foundation) C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() E:\Program Files (x86)\RocketDock\RocketDock.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\Run: [RocketDock] => E:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\erik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 16 C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll [313904] (VMware, Inc.)
Winsock: Catalog9 17 C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll [313904] (VMware, Inc.)
Winsock: Catalog9 18 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 16 C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll [410160] (VMware, Inc.)
Winsock: Catalog9-x64 17 C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll [410160] (VMware, Inc.)
Winsock: Catalog9-x64 18 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (VLC for YouTube™) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablmclcliiiegfmpbkfhnhipoejclmel [2013-11-03]
CHR Extension: (Google Docs) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-09]
CHR Extension: (Google Drive) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-09]
CHR Extension: (GeoGebra) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-11-23]
CHR Extension: (Adblock Plus) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-17]
CHR Extension: (Google Search) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-09]
CHR Extension: (No Name) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm [2015-02-10]
CHR Extension: (Avira SafeSearch) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-07]
CHR Extension: (Steam Market Filter) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdpoeanmcbopmmdomongbohbmiolmom [2015-01-04]
CHR Extension: (Avira Browser Safety) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-07]
CHR Extension: (Heroes & Generals) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-09-20]
CHR Extension: (Easy Video Downloader Express) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\laglhpkadeejnkgdiphnegpajimagcld [2014-11-23]
CHR Extension: (Google Wallet) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-09-07]
CHR Extension: (Gmail) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-28] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-20] () [File not signed]
R2 Hamachi2Svc; E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-31] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-05] ()
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe [121392 2009-10-20] (VMware, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe [322096 2009-10-20] ()
R2 VMwareServerWebAccess; C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [57344 2009-10-20] (Apache Software Foundation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-07-03] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-04] (Avira Operations GmbH & Co. KG)
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-07-03] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RDID1079; C:\Windows\System32\Drivers\rdwm1079.sys [199296 2009-09-17] (Roland Corporation)
S3 RTCore64; E:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EverestDriver; \??\C:\Users\erik\AppData\Local\Temp\EverestDriver.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\erik\Downloads\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-21 22:44 - 2015-02-21 22:44 - 00009890 _____ () C:\Users\erik\Desktop\ErdkundeGFS.odp
2015-02-20 14:52 - 2015-02-20 14:51 - 00000000 ____D () C:\Users\erik\Downloads\Fresh fruits - Kopie
2015-02-20 14:51 - 2015-02-20 14:51 - 00000000 ____D () C:\Users\erik\Downloads\Fresh fruits
2015-02-20 13:32 - 2015-02-20 13:32 - 00000000 ____D () C:\Users\erik\AppData\Local\BitZipper
2015-02-20 13:32 - 2015-02-20 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitZipper
2015-02-20 13:32 - 2015-02-20 13:32 - 00000000 ____D () C:\Program Files (x86)\BitZipper
2015-02-20 13:31 - 2015-02-20 13:31 - 06118848 _____ (Bitberry Software ) C:\Users\erik\Downloads\BitZipper2015TrialSetupDe.exe
2015-02-19 11:32 - 2015-02-19 11:32 - 00008283 _____ () C:\Users\erik\AppData\Local\recently-used.xbel
2015-02-19 11:17 - 2015-02-19 11:17 - 00000000 ____D () C:\Users\erik\AppData\Local\Steam
2015-02-19 10:32 - 2015-02-19 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-16 23:00 - 2015-02-16 23:00 - 01203488 _____ () C:\Users\erik\Downloads\SketchUp Make 2015 - CHIP-Installer.exe
2015-02-15 11:47 - 2015-02-15 11:47 - 00001685 _____ () C:\Users\erik\Downloads\Mission2.zip
2015-02-14 19:35 - 2015-02-14 19:35 - 00000000 ____D () C:\Users\erik\AppData\Local\Sony Online Entertainment
2015-02-14 18:57 - 2015-02-14 18:57 - 00002158 _____ () C:\Users\Public\Desktop\HP Officejet 6600.lnk
2015-02-14 18:23 - 2015-02-14 18:23 - 00003596 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6600
2015-02-14 18:22 - 2015-02-14 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-14 18:21 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5D12.dll
2015-02-14 18:16 - 2015-02-14 18:16 - 00000000 ____D () C:\Program Files\HP
2015-02-14 18:03 - 2015-02-14 18:05 - 30407096 _____ () C:\Users\erik\Downloads\OJ6600_Basicx64_1315.exe
2015-02-14 18:02 - 2015-02-14 18:57 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{DA9A4C18-65A0-4DA8-B175-398AEFE804DB}
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{D560C8A8-5401-4716-A4E3-3BF75362EE13}
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{D2A05E0B-95A8-437B-98E7-3C51A51551C8}
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{808B866D-89FB-4D56-8716-22FAED38716B}
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{0236019B-D3E6-4F03-95E3-D27B1B812ED3}
2015-02-12 22:06 - 2015-02-12 22:06 - 00000000 ____D () C:\Users\erik\Documents\DPE
2015-02-12 22:01 - 2015-02-12 22:09 - 118744568 _____ () C:\Users\erik\Downloads\OJ6600_1315-1 (1).exe
2015-02-12 21:59 - 2015-02-12 21:59 - 00002892 _____ () C:\Windows\System32\Tasks\hpUrlLauncher.exe_{06C8F7F6-EDA5-4F2B-8224-D6AFA68DFDDD}
2015-02-12 21:51 - 2015-02-12 21:57 - 118744568 _____ () C:\Users\erik\Downloads\OJ6600_1315-1.exe
2015-02-12 21:48 - 2015-02-12 21:48 - 05325208 _____ (Piriform Ltd) C:\Users\erik\Downloads\ccsetup502.exe
2015-02-12 21:46 - 2015-02-12 21:46 - 00000000 ____D () C:\Users\erik\AppData\Roaming\TuneUp Software
2015-02-12 21:46 - 2015-02-12 21:46 - 00000000 ____D () C:\Users\erik\AppData\Local\TuneUp Software
2015-02-12 21:46 - 2015-02-12 21:46 - 00000000 ____D () C:\ProgramData\968131de5da043f18c27a2bbbfd25883
2015-02-12 21:46 - 2015-02-12 21:46 - 00000000 ____D () C:\ProgramData\920876972493472ca3314c502ed99163
2015-02-12 21:46 - 2015-02-07 21:45 - 00364024 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia64.dll
2015-02-12 21:46 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\SysWOW64\ColorMedia.dll
2015-02-12 21:45 - 2015-02-12 21:46 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-12 21:45 - 2015-02-12 21:45 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-12 21:36 - 2015-02-12 21:36 - 00659944 _____ () C:\Users\erik\Downloads\WinScan2PDF_CB-DL-Manager.exe
2015-02-12 17:26 - 2015-01-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 17:26 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 17:08 - 2015-02-12 17:08 - 00000000 ____D () C:\Users\erik\AppData\Local\CrashRpt
2015-02-11 13:59 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 13:59 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 13:59 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 13:59 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 13:59 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 13:59 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 13:59 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 13:59 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 13:59 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 13:59 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 13:59 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 13:59 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 13:59 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 13:59 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 13:59 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 13:59 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 13:59 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 13:59 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 13:59 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 13:59 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 13:59 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 13:59 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 13:59 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 13:59 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 13:59 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 13:59 - 2015-01-13 07:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 13:59 - 2015-01-13 07:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 13:59 - 2015-01-13 07:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 13:59 - 2015-01-13 07:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 13:59 - 2015-01-13 07:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 13:59 - 2015-01-13 07:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 13:59 - 2015-01-13 07:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 13:59 - 2015-01-13 07:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 13:59 - 2015-01-13 07:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 13:59 - 2015-01-13 06:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 13:59 - 2015-01-13 06:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 13:59 - 2015-01-13 06:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 13:59 - 2015-01-13 06:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 13:59 - 2015-01-13 05:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 13:59 - 2015-01-13 05:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 13:59 - 2015-01-13 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 13:59 - 2015-01-13 04:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-11 13:59 - 2015-01-13 04:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 13:59 - 2015-01-13 04:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-11 13:59 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 13:59 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 13:59 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 13:59 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 13:59 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 18:45 - 2015-02-10 18:45 - 01388274 _____ (Thisisu) C:\Users\erik\Desktop\JRT.exe
2015-02-10 18:45 - 2015-02-10 18:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 18:45 - 2015-02-10 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-10 18:45 - 2015-02-10 18:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-10 18:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 18:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-10 18:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-10 18:44 - 2015-02-10 18:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\erik\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-10 18:44 - 2015-02-10 18:44 - 02112512 _____ () C:\Users\erik\Desktop\AdwCleaner_4.110.exe
2015-02-10 17:28 - 2015-02-10 17:28 - 00000945 _____ () C:\Users\erik\Desktop\Open Broadcaster Software.lnk
2015-02-10 17:13 - 2015-02-10 17:13 - 01198368 _____ () C:\Users\erik\Downloads\Open Broadcaster Software - CHIP-Installer.exe
2015-02-08 20:11 - 2015-02-08 21:14 - 00016871 _____ () C:\Users\erik\Desktop\GFS.odt
2015-02-08 16:01 - 2015-02-08 16:04 - 84839353 _____ () C:\Users\erik\Downloads\Tekkit_Server_v1.2.9e.zip
2015-02-08 15:57 - 2015-02-08 15:57 - 04620432 _____ () C:\Users\erik\Downloads\TechnicLauncher.exe
2015-02-08 12:31 - 2015-02-08 12:31 - 01198368 _____ () C:\Users\erik\Downloads\Scan2PDF - CHIP-Installer.exe
2015-02-08 12:17 - 2015-02-09 21:34 - 00015852 _____ () C:\Users\erik\Desktop\NwTProtokoll2.odt
2015-02-08 12:11 - 2015-02-08 12:11 - 04156942 _____ () C:\Users\erik\Desktop\NwTProtokoll.odt
2015-02-08 09:57 - 2015-02-15 11:12 - 00000000 ____D () C:\Users\erik\AppData\Roaming\HpUpdate
2015-02-08 09:57 - 2015-02-08 09:57 - 00000972 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-02-06 16:15 - 2015-02-06 16:15 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-02-06 15:46 - 2015-02-14 18:57 - 00000000 ____D () C:\ProgramData\HP
2015-02-06 15:42 - 2015-02-06 15:42 - 00000000 ____D () C:\Users\erik\AppData\Local\HP
2015-02-05 16:38 - 2015-02-05 17:25 - 00000000 ____D () C:\Users\erik\Documents\BFH Beta 2
2015-02-05 16:04 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-02-05 16:04 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-02-05 16:04 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-02-05 16:04 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-02-05 16:04 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-02-05 16:04 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-02-05 16:04 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-02-05 16:04 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-02-05 16:04 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-02-05 16:04 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-02-05 16:04 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-02-05 16:04 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-02-05 16:04 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-02-05 16:04 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-02-05 16:04 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-02-05 16:04 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-02-05 16:04 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-02-05 16:04 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-02-05 16:04 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-02-05 16:04 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-02-05 16:04 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-02-05 16:04 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-02-05 16:04 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-02-05 16:04 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-02-05 16:04 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-02-05 16:04 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-02-05 16:04 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-02-05 16:04 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-02-05 16:04 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-02-05 16:04 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-02-05 16:04 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-02-05 16:04 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-02-05 16:04 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-02-05 16:04 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-02-05 16:04 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-02-05 16:04 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-02-05 16:04 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-02-05 16:04 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-02-05 16:04 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-02-05 16:04 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-02-05 16:04 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-02-05 16:04 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-02-05 16:04 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-02-05 16:04 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-02-05 16:04 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-02-05 16:04 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-02-05 16:04 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-02-05 16:04 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-02-05 16:04 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-02-05 16:04 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-02-05 16:04 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-02-05 16:04 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-02-05 16:04 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-02-05 16:04 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-02-05 16:04 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-02-05 16:04 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-02-05 16:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-02-05 16:04 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-02-05 16:04 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-02-05 16:04 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-02-05 16:04 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-02-05 16:04 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-02-05 16:04 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-02-05 16:04 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-02-05 16:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-02-05 16:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-02-05 16:04 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-02-05 16:04 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-02-05 16:04 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-02-05 16:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-02-05 16:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-02-05 16:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-02-05 16:04 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-02-05 16:04 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-02-05 16:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-02-05 16:04 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-02-05 16:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-02-05 16:04 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-02-05 16:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-02-05 16:04 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-02-05 16:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-02-05 16:04 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-02-05 16:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-02-05 16:04 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-02-05 16:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-02-05 16:04 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-02-05 16:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-02-05 16:04 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-02-05 16:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-02-05 16:04 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-02-05 16:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-02-05 16:04 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-02-05 16:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-02-05 16:04 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-02-05 16:04 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-02-03 18:19 - 2015-02-03 18:19 - 00002146 _____ () C:\Users\Public\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
2015-02-03 18:19 - 2015-02-03 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
2015-02-03 18:19 - 2015-02-03 18:19 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-02-03 18:16 - 2015-02-03 18:16 - 00000000 ____D () C:\Program Files (x86)\REALTEK
2015-02-03 18:16 - 2011-11-28 19:30 - 00584704 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2015-02-03 18:16 - 2011-08-11 06:46 - 00694376 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTL8192su.sys
2015-02-03 18:16 - 2010-12-01 09:31 - 00451072 _____ () C:\Windows\SysWOW64\ISSRemoveSP.exe
2015-02-03 18:16 - 2009-03-31 14:31 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe
2015-02-03 18:16 - 2009-01-05 20:31 - 00000901 _____ () C:\Windows\RtlUI2.exe.manifest
2015-02-03 18:16 - 2008-07-01 12:31 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2015-02-01 20:02 - 2015-02-01 20:02 - 00026099 _____ () C:\ComboFix.txt
2015-02-01 19:47 - 2015-02-01 20:02 - 00000000 ____D () C:\Qoobox
2015-02-01 19:47 - 2015-02-01 20:01 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 19:47 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-01 19:47 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-01 19:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-01 19:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-01 19:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-01 19:47 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-01 19:47 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-01 19:47 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-01 19:44 - 2015-02-01 19:43 - 05611408 ____R (Swearware) C:\Users\erik\Desktop\ComboFix.exe
2015-02-01 18:07 - 2015-02-23 21:09 - 00000000 ____D () C:\Users\erik\Desktop\Computerpobleme
2015-02-01 17:24 - 2015-02-23 21:09 - 00000000 ____D () C:\FRST
2015-02-01 16:04 - 2015-02-01 16:04 - 00000000 ____D () C:\Users\erik\AppData\Local\DriverToolkit
2015-02-01 16:04 - 2015-02-01 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2015-02-01 16:04 - 2015-02-01 16:04 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2015-02-01 16:03 - 2015-02-01 16:03 - 00000000 ____D () C:\Users\erik\AppData\Roaming\Hotspot Shield
2015-02-01 16:03 - 2015-02-01 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2015-02-01 16:03 - 2015-02-01 16:03 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2015-02-01 16:03 - 2015-02-01 16:03 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2015-02-01 16:03 - 2014-05-17 03:35 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2015-02-01 15:58 - 2015-02-21 22:08 - 00000000 ____D () C:\Users\erik\Desktop\Desktop 12 (1)
2015-02-01 12:27 - 2015-02-01 12:27 - 00000000 ____D () C:\Users\erik\AppData\Roaming\WinFAQ
2015-02-01 12:27 - 2015-02-01 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2015-02-01 12:27 - 2015-02-01 12:27 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2015-02-01 12:27 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl
2015-01-31 20:50 - 2015-01-31 20:50 - 02194432 _____ () C:\Users\erik\Downloads\AdwCleaner09.exe
2015-01-31 20:50 - 2015-01-31 20:50 - 02194432 _____ () C:\Users\erik\Downloads\adwcleaner_4.109.exe
2015-01-31 18:22 - 2013-09-24 11:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\MSSTDFMT.DLL
2015-01-31 18:20 - 2015-01-31 18:21 - 02137159 _____ () C:\Users\erik\Downloads\CoWo RegSvr.rar
2015-01-31 18:17 - 2015-01-31 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rama Studios
2015-01-31 18:14 - 2015-01-31 18:15 - 25183062 _____ () C:\Users\erik\Downloads\is_cowo_alphademo (1).rar
2015-01-30 14:31 - 2015-01-30 14:45 - 529422466 _____ () C:\Users\erik\Downloads\BWMod_A3_v1-1-1.rar
2015-01-25 12:40 - 2015-01-25 12:43 - 86614030 _____ () C:\Users\erik\Downloads\Watchtowers_FH2_24_SoundConversion.zip
2015-01-25 12:10 - 2015-01-25 12:10 - 02585352 _____ () C:\Users\erik\Downloads\mcpatcher-5.0.0_02.exe
2015-01-25 11:58 - 2015-01-25 11:58 - 00878207 _____ () C:\Users\erik\Downloads\OptiFine_1.8.0_HD_U_B6.jar
2015-01-25 11:57 - 2015-01-25 11:58 - 00340976 _____ () C:\Users\erik\Downloads\ShadersMod-v2.4.7mc1.8.jar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-23 21:07 - 2013-10-16 19:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 20:38 - 2013-10-16 19:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 17:41 - 2011-04-13 11:03 - 01461023 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 16:14 - 2009-07-14 05:45 - 00015280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 16:14 - 2009-07-14 05:45 - 00015280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 16:12 - 2014-07-04 16:10 - 00000000 ____D () C:\Users\erik\AppData\Local\LogMeIn Hamachi
2015-02-23 16:12 - 2013-10-18 14:41 - 00000000 ___RD () C:\Users\erik\Dropbox
2015-02-23 16:11 - 2013-10-18 14:38 - 00000000 ____D () C:\Users\erik\AppData\Roaming\Dropbox
2015-02-23 16:10 - 2013-10-16 19:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 16:07 - 2014-11-08 12:35 - 00000000 ____D () C:\ProgramData\VMware
2015-02-23 16:06 - 2014-03-30 18:41 - 00095760 _____ () C:\Windows\setupact.log
2015-02-23 16:06 - 2013-05-09 16:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-23 16:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 13:22 - 2013-05-09 16:23 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3BECF3B6-F14F-4810-917F-AC6386C003B6}
2015-02-21 22:08 - 2014-06-02 18:05 - 00000000 ____D () C:\Users\erik\Desktop\Fotos
2015-02-21 21:34 - 2013-05-19 18:05 - 00000000 ____D () C:\Users\erik\AppData\Roaming\TS3Client
2015-02-20 15:05 - 2013-09-08 09:30 - 00000000 ____D () C:\ProgramData\Origin
2015-02-19 11:33 - 2013-06-13 17:38 - 00000000 ____D () C:\Users\erik\.gimp-2.8
2015-02-16 16:20 - 2014-07-17 12:41 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-02-15 22:44 - 2014-04-20 19:36 - 00000000 ____D () C:\Users\erik\AppData\Local\Arma 3
2015-02-15 17:33 - 2014-04-24 16:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-15 11:03 - 2014-03-30 18:40 - 00067308 _____ () C:\Windows\PFRO.log
2015-02-14 20:24 - 2013-10-19 15:57 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-14 20:24 - 2013-05-10 08:27 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-02-14 20:23 - 2013-05-09 20:19 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-14 18:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-14 10:09 - 2013-10-18 14:39 - 00000000 ____D () C:\Users\erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 21:50 - 2013-05-09 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-12 21:49 - 2014-03-21 21:31 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 18:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 16:54 - 2011-04-13 01:57 - 00261432 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 19:09 - 2013-05-09 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-10 19:09 - 2013-05-09 17:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-10 19:02 - 2014-02-10 19:18 - 00000000 ____D () C:\AdwCleaner
2015-02-10 18:16 - 2014-05-08 19:40 - 00000000 ____D () C:\Users\erik\AppData\Roaming\OBS
2015-02-10 18:16 - 2013-05-28 10:51 - 00000000 ____D () C:\Users\erik\AppData\Roaming\vlc
2015-02-10 17:28 - 2014-05-08 19:40 - 00000000 ____D () C:\Program Files\OBS
2015-02-10 17:28 - 2014-05-08 19:40 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-02-10 15:12 - 2009-07-14 18:58 - 00995582 _____ () C:\Windows\system32\perfh007.dat
2015-02-10 15:12 - 2009-07-14 18:58 - 00242420 _____ () C:\Windows\system32\perfc007.dat
2015-02-10 15:12 - 2009-07-14 06:13 - 00006980 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 15:57 - 2013-05-09 19:59 - 00000000 ____D () C:\Users\erik\AppData\Roaming\.minecraft
2015-02-08 15:14 - 2013-05-10 15:12 - 00000000 ____D () C:\Users\erik\AppData\Roaming\.technic
2015-02-08 12:09 - 2013-11-01 11:04 - 00000000 ____D () C:\Users\erik\AppData\Local\Apps\2.0
2015-02-05 16:39 - 2013-05-10 08:27 - 00000000 ____D () C:\Users\erik\AppData\Local\PunkBuster
2015-02-05 16:05 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2015-02-05 16:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-05 16:04 - 2014-04-20 19:35 - 00139440 _____ () C:\Windows\DirectX.log
2015-02-05 16:04 - 2013-05-09 20:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-05 14:02 - 2013-10-16 19:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:02 - 2013-10-16 19:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 20:38 - 2013-10-16 19:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 20:38 - 2013-10-16 19:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 20:38 - 2013-10-16 19:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 18:16 - 2011-04-13 11:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-01 20:02 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-01 19:56 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 18:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 15:20 - 2014-04-20 19:36 - 00000000 ____D () C:\Users\erik\Documents\Arma 3
2015-01-25 10:55 - 2014-09-10 22:55 - 00000000 ____D () C:\Users\erik\AppData\Local\Adobe
2015-01-25 10:46 - 2013-06-16 10:15 - 00000000 ____D () C:\Windows\pss
2015-01-24 22:59 - 2015-01-03 14:55 - 00000000 ____D () C:\Users\erik\Desktop\Musik
==================== Files in the root of some directories =======
2014-04-24 17:21 - 2014-05-19 15:27 - 0000305 _____ () C:\Users\erik\AppData\Roaming\BreakingPoint_Login.ini
2014-04-24 16:40 - 2014-05-19 15:27 - 0001346 _____ () C:\Users\erik\AppData\Roaming\BreakingPoint_Options.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0000124 _____ () C:\Users\erik\AppData\Roaming\Camdata.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0000408 _____ () C:\Users\erik\AppData\Roaming\CamLayout.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0000408 _____ () C:\Users\erik\AppData\Roaming\CamShapes.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0004546 _____ () C:\Users\erik\AppData\Roaming\CamStudio.cfg
2015-01-06 00:04 - 2015-01-06 00:04 - 0049152 ___SH () C:\Users\erik\AppData\Roaming\Thumbs.db
2014-05-08 16:53 - 2014-05-13 19:14 - 0000096 _____ () C:\Users\erik\AppData\Roaming\version2.xml
2013-07-12 18:45 - 2014-04-08 21:00 - 0008704 _____ () C:\Users\erik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-19 11:32 - 2015-02-19 11:32 - 0008283 _____ () C:\Users\erik\AppData\Local\recently-used.xbel
2014-04-24 19:47 - 2014-06-19 12:12 - 0007613 _____ () C:\Users\erik\AppData\Local\Resmon.ResmonCfg
2015-02-06 16:15 - 2015-02-06 16:15 - 0000057 _____ () C:\ProgramData\Ament.ini
Files to move or delete:
====================
C:\Users\erik\ich.bat
Some content of TEMP:
====================
C:\Users\erik\AppData\Local\Temp\avgnt.exe
C:\Users\erik\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeq5slb.dll
C:\Users\erik\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\erik\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\erik\AppData\Local\Temp\HPInstaller.exe
C:\Users\erik\AppData\Local\Temp\Quarantine.exe
C:\Users\erik\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\erik\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\erik\AppData\Local\Temp\SpOrder.dll
C:\Users\erik\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-16 11:54
==================== End Of Log ============================
|
|
01.03.2015, 09:02
| #10 |
| /// the machine /// TB-Ausbilder | Internetproblem durch Schadsoftware Alte Java Versionen deinstallieren, aktuelle installieren. Windows updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\$RECYCLE.BIN
C:\ProgramData\968131de5da043f18c27a2bbbfd25883
C:\Users\erik\Downloads\AdwCleaner - CHIP-Downloader (1).exe
C:\Users\erik\Downloads\AdwCleaner - CHIP-Downloader.exe
C:\Users\erik\Downloads\Avidemux 32 Bit - CHIP-Downloader.exe
C:\Users\erik\Downloads\BitZipper2015TrialSetupDe.exe
C:\Users\erik\Downloads\BluetoothView - CHIP-Downloader.exe
C:\Users\erik\Downloads\CamStudio - CHIP-Downloader (1).exe
C:\Users\erik\Downloads\CamStudio - CHIP-Downloader.exe
C:\Users\erik\Downloads\CCleaner - CHIP-Downloader.exe
C:\Users\erik\Downloads\CursorFX - CHIP-Downloader.exe
C:\Users\erik\Downloads\Disk Defrag - CHIP-Downloader.exe
C:\Users\erik\Downloads\DivxToDVD - CHIP-Installer (1).exe
C:\Users\erik\Downloads\DivxToDVD - CHIP-Installer.exe
C:\Users\erik\Downloads\Domination - CHIP-Downloader (1).exe
C:\Users\erik\Downloads\Domination - CHIP-Downloader.exe
C:\Users\erik\Downloads\Dr Hardware 2014 - CHIP-Downloader.exe
C:\Users\erik\Downloads\Everest Home Edition - CHIP-Downloader.exe
C:\Users\erik\Downloads\FRAPS - CHIP-Downloader.exe
C:\Users\erik\Downloads\FunnyVoice - CHIP-Installer.exe
C:\Users\erik\Downloads\Hotspot Shield VPN - CHIP-Downloader.exe
C:\Users\erik\Downloads\HSS-3.42-install-hss-600-conduit.exe
C:\Users\erik\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
C:\Users\erik\Downloads\LogMeIn Hamachi - CHIP-Installer.exe
C:\Users\erik\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
C:\Users\erik\Downloads\Minecraft3.0.0.3.exe
C:\Users\erik\Downloads\MSI Afterburner - CHIP-Downloader.exe
C:\Users\erik\Downloads\Open Broadcaster Software - CHIP-Installer.exe
C:\Users\erik\Downloads\Paint NET - CHIP-Downloader (1).exe
C:\Users\erik\Downloads\Paint NET - CHIP-Downloader.exe
C:\Users\erik\Downloads\pbsetup_3.4.exe
C:\Users\erik\Downloads\PC Wizard 2013 - CHIP-Downloader.exe
C:\Users\erik\Downloads\RocketDock - CHIP-Downloader.exe
C:\Users\erik\Downloads\Scan2PDF - CHIP-Installer.exe
C:\Users\erik\Downloads\SketchUp Make 2015 - CHIP-Installer.exe
C:\Users\erik\Downloads\Start Menu X - CHIP-Downloader.exe
C:\Users\erik\Downloads\VMware Server - CHIP-Installer.exe
C:\Users\erik\Downloads\WinScan2PDF_CB-DL-Manager.exe
E:\Program Files (x86)\File Type Assistant
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 18 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 18 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
cmd: netsh winsock reset
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.03.2015, 13:22
| #11 |
| | Internetproblem durch Schadsoftware Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by erik at 2015-03-07 13:03:38 Run:1
Running from C:\Users\erik\Desktop
Loaded Profiles: erik (Available profiles: erik & fbwuser)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\$RECYCLE.BIN
C:\ProgramData\968131de5da043f18c27a2bbbfd25883
C:\Users\erik\Downloads\AdwCleaner - CHIP-Downloader (1).exe
C:\Users\erik\Downloads\AdwCleaner - CHIP-Downloader.exe
C:\Users\erik\Downloads\Avidemux 32 Bit - CHIP-Downloader.exe
C:\Users\erik\Downloads\BitZipper2015TrialSetupDe.exe
C:\Users\erik\Downloads\BluetoothView - CHIP-Downloader.exe
C:\Users\erik\Downloads\CamStudio - CHIP-Downloader (1).exe
C:\Users\erik\Downloads\CamStudio - CHIP-Downloader.exe
C:\Users\erik\Downloads\CCleaner - CHIP-Downloader.exe
C:\Users\erik\Downloads\CursorFX - CHIP-Downloader.exe
C:\Users\erik\Downloads\Disk Defrag - CHIP-Downloader.exe
C:\Users\erik\Downloads\DivxToDVD - CHIP-Installer (1).exe
C:\Users\erik\Downloads\DivxToDVD - CHIP-Installer.exe
C:\Users\erik\Downloads\Domination - CHIP-Downloader (1).exe
C:\Users\erik\Downloads\Domination - CHIP-Downloader.exe
C:\Users\erik\Downloads\Dr Hardware 2014 - CHIP-Downloader.exe
C:\Users\erik\Downloads\Everest Home Edition - CHIP-Downloader.exe
C:\Users\erik\Downloads\FRAPS - CHIP-Downloader.exe
C:\Users\erik\Downloads\FunnyVoice - CHIP-Installer.exe
C:\Users\erik\Downloads\Hotspot Shield VPN - CHIP-Downloader.exe
C:\Users\erik\Downloads\HSS-3.42-install-hss-600-conduit.exe
C:\Users\erik\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
C:\Users\erik\Downloads\LogMeIn Hamachi - CHIP-Installer.exe
C:\Users\erik\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
C:\Users\erik\Downloads\Minecraft3.0.0.3.exe
C:\Users\erik\Downloads\MSI Afterburner - CHIP-Downloader.exe
C:\Users\erik\Downloads\Open Broadcaster Software - CHIP-Installer.exe
C:\Users\erik\Downloads\Paint NET - CHIP-Downloader (1).exe
C:\Users\erik\Downloads\Paint NET - CHIP-Downloader.exe
C:\Users\erik\Downloads\pbsetup_3.4.exe
C:\Users\erik\Downloads\PC Wizard 2013 - CHIP-Downloader.exe
C:\Users\erik\Downloads\RocketDock - CHIP-Downloader.exe
C:\Users\erik\Downloads\Scan2PDF - CHIP-Installer.exe
C:\Users\erik\Downloads\SketchUp Make 2015 - CHIP-Installer.exe
C:\Users\erik\Downloads\Start Menu X - CHIP-Downloader.exe
C:\Users\erik\Downloads\VMware Server - CHIP-Installer.exe
C:\Users\erik\Downloads\WinScan2PDF_CB-DL-Manager.exe
E:\Program Files (x86)\File Type Assistant
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 18 C:\Windows\SysWOW64\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
Winsock: Catalog9-x64 18 C:\Windows\system32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
cmd: netsh winsock reset
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
Emptytemp:
*****************
C:\$RECYCLE.BIN => Moved successfully.
C:\ProgramData\968131de5da043f18c27a2bbbfd25883 => Moved successfully.
C:\Users\erik\Downloads\AdwCleaner - CHIP-Downloader (1).exe => Moved successfully.
C:\Users\erik\Downloads\AdwCleaner - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\Avidemux 32 Bit - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\BitZipper2015TrialSetupDe.exe => Moved successfully.
C:\Users\erik\Downloads\BluetoothView - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\CamStudio - CHIP-Downloader (1).exe => Moved successfully.
C:\Users\erik\Downloads\CamStudio - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\CCleaner - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\CursorFX - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\Disk Defrag - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\DivxToDVD - CHIP-Installer (1).exe => Moved successfully.
C:\Users\erik\Downloads\DivxToDVD - CHIP-Installer.exe => Moved successfully.
C:\Users\erik\Downloads\Domination - CHIP-Downloader (1).exe => Moved successfully.
C:\Users\erik\Downloads\Domination - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\Dr Hardware 2014 - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\Everest Home Edition - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\FRAPS - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\FunnyVoice - CHIP-Installer.exe => Moved successfully.
C:\Users\erik\Downloads\Hotspot Shield VPN - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\HSS-3.42-install-hss-600-conduit.exe => Moved successfully.
C:\Users\erik\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe => Moved successfully.
C:\Users\erik\Downloads\LogMeIn Hamachi - CHIP-Installer.exe => Moved successfully.
C:\Users\erik\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\Minecraft3.0.0.3.exe => Moved successfully.
C:\Users\erik\Downloads\MSI Afterburner - CHIP-Downloader.exe => Moved successfully.
"C:\Users\erik\Downloads\Open Broadcaster Software - CHIP-Installer.exe" => File/Directory not found.
C:\Users\erik\Downloads\Paint NET - CHIP-Downloader (1).exe => Moved successfully.
C:\Users\erik\Downloads\Paint NET - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\pbsetup_3.4.exe => Moved successfully.
C:\Users\erik\Downloads\PC Wizard 2013 - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\RocketDock - CHIP-Downloader.exe => Moved successfully.
"C:\Users\erik\Downloads\Scan2PDF - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\erik\Downloads\SketchUp Make 2015 - CHIP-Installer.exe" => File/Directory not found.
C:\Users\erik\Downloads\Start Menu X - CHIP-Downloader.exe => Moved successfully.
C:\Users\erik\Downloads\VMware Server - CHIP-Installer.exe => Moved successfully.
"C:\Users\erik\Downloads\WinScan2PDF_CB-DL-Manager.exe" => File/Directory not found.
E:\Program Files (x86)\File Type Assistant => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000018 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000018 => Deleted successfully.
========= netsh winsock reset =========
Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107
Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.
========= End of CMD: =========
C:\Windows\SysWOW64\ColorMedia.dll => Moved successfully.
C:\Windows\system32\ColorMedia64.dll => Moved successfully.
EmptyTemp: => Removed 3.5 GB temporary data.
The system needed a reboot.
==== End of Fixlog 13:04:12 ====
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by erik at 2015-03-07 13:16:27
Running from C:\Users\erik\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
0 A.D. (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\0 A.D.) (Version: r15849-alpha - Wildfire Games)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version: - Jagex Limited)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - )
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.2.0 - Auslogics Labs Pty Ltd)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Bad Piggies (HKLM-x32\...\{9524C306-CC16-44A0-82AA-996409D1A059}) (Version: 1.3.0.0 - Rovio Entertainment Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Battlefield™ Hardline-Beta (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.2 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Best Of Wacht Am Rhein Mappack version 1.0 (HKLM-x32\...\{76BD67A8-13C7-4508-A767-3AC6DBFA6C02}_is1) (Version: 1.0 - [F|H] & [762])
BitZipper 2015 (HKLM-x32\...\BitZipper_is1) (Version: 2015.14.12.3 - Bitberry Software)
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon iP4500 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Countryball World Alpha Demo (HKLM-x32\...\{F07AB58A-8749-4E5B-87D6-E8A1BF443CA0}) (Version: 1.0 - Ihr Firmenname)
Craften Terminal 3.5.5 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 3.5.5 - Craften.de)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DivxToDVD 0.5.2b (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
Dr. Hardware 2014 14.0d (HKLM-x32\...\Dr. Hardware 2014_is1) (Version: - Peter A. Gebhard)
DriverToolkit version 8.4.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.4.0.0 - Megaify Software)
Dropbox (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Dxtory version 2.0.128 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.128 - ExKode Co. Ltd.)
Empire Earth II Demo (HKLM-x32\...\{03814958-6B1C-43FE-A6D4-D49EA1E5D524}) (Version: 1.1 - Sierra)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free DVD Video Burner version 3.2.7.925 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: 3.2.7.925 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
FreeCAD 0.13 (HKLM-x32\...\{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}) (Version: 0.13.1828 - Juergen Riegel (FreeCAD@juergen-riegel.net))
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MEDUSA4 PERSONAL V5.1.2 (HKLM-x32\...\MEDUSA4_PERSONAL_V5_1_2) (Version: V5.1.2 - CAD Schroer)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{66dd4460-4642-441a-9e2d-29fcaac99c37}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PerfectSphere (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\ce2965ae71956536) (Version: 1.0.0.0 - Cameron MacFarland)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PlanetSide 2 (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Red Orchestra: Ostfront 41-45 (HKLM-x32\...\Steam App 1213) (Version: - )
Registry System Wizard.NET (HKLM\...\{110ED870-1DF3-4574-A679-E2C4A8163211}_is1) (Version: 0.13.731.51 - WinFAQ)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\UnityWebPlayer) (Version: 4.6.3f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VMware Server (HKLM-x32\...\{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}) (Version: 2.0.0.2712 - VMware, Inc.)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> E:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\erik\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1290900567-4276527035-1124842236-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-02-01 19:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0405783E-6E5E-45D3-9A52-3987688FFDCC} - System32\Tasks\{808B866D-89FB-4D56-8716-22FAED38716B} => D:\HP-DQEX5.exe
Task: {07DFEED0-CAC1-4FC8-9F1C-FF4F3AF3C228} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {240F108E-4FA4-4E0C-B5D3-7DC7B7591EDE} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe
Task: {2F9EFF80-E49F-4869-88A8-EE4C3282DCEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {30584EEB-3B67-4094-ADD6-9F67977C6049} - System32\Tasks\{D2A05E0B-95A8-437B-98E7-3C51A51551C8} => D:\HP-DQEX5.exe
Task: {3067CE58-90F7-4E7A-A460-DC79BBA0B670} - System32\Tasks\hpUrlLauncher.exe_{06C8F7F6-EDA5-4F2B-8224-D6AFA68DFDDD} => C:\Program Files\HP\HP Officejet 6600\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {58D28C6A-EFBE-4927-9FB4-B6FB656298C7} - System32\Tasks\{D560C8A8-5401-4716-A4E3-3BF75362EE13} => D:\HP-DQEX5.exe
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe
Task: {5C602572-03F4-4E88-847D-F1D8A4EEC104} - System32\Tasks\{DA9A4C18-65A0-4DA8-B175-398AEFE804DB} => D:\HP-DQEX5.exe
Task: {63B454DE-0DE5-40A3-BB2E-171734EC52AA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C7AD8E14-42BA-4584-8BEC-30CF16AC848F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe
Task: {D273A9E4-5A8C-4A72-B5D3-502D856B9788} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {D6A16177-851A-469B-B3C8-C7EA2B0CD405} - System32\Tasks\{0236019B-D3E6-4F03-95E3-D27B1B812ED3} => D:\HP-DQEX5.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2013-05-09 16:22 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2013-05-09 20:19 - 2015-02-05 16:04 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-08 20:41 - 2007-09-02 12:58 - 00495616 _____ () E:\Program Files (x86)\RocketDock\RocketDock.exe
2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-10-20 15:21 - 2009-10-20 15:21 - 00322096 _____ () C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
2014-05-08 20:41 - 2007-09-02 12:57 - 00069632 _____ () E:\Program Files (x86)\RocketDock\RocketDock.dll
2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Server\libxml2.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Server\zlib1.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 17091120 _____ () C:\Program Files (x86)\VMware\VMware Server\types.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 05196336 _____ () C:\Program Files (x86)\VMware\VMware Server\platform.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 01100336 _____ () C:\Program Files (x86)\VMware\VMware Server\common.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02153008 _____ () C:\Program Files (x86)\VMware\VMware Server\hostsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00318000 _____ () C:\Program Files (x86)\VMware\VMware Server\internalsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00653872 _____ () C:\Program Files (x86)\VMware\VMware Server\nfcsvc.dll
2009-10-20 14:01 - 2009-10-20 14:01 - 00842288 _____ () C:\Program Files (x86)\VMware\VMware Server\libeay32.dll
2009-10-20 14:01 - 2009-10-20 14:01 - 00162352 _____ () C:\Program Files (x86)\VMware\VMware Server\ssleay32.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02894384 _____ () C:\Program Files (x86)\VMware\VMware Server\diskLibWrapper.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00178736 _____ () C:\Program Files (x86)\VMware\VMware Server\proxysvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00834096 _____ () C:\Program Files (x86)\VMware\VMware Server\solo.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00404016 _____ () C:\Program Files (x86)\VMware\VMware Server\statssvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00096816 _____ () C:\Program Files (x86)\VMware\VMware Server\supportsvc.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 00117296 _____ () C:\Program Files (x86)\VMware\VMware Server\vcsvc.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02767408 _____ () C:\Program Files (x86)\VMware\VMware Server\vimsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 02718256 _____ () C:\Program Files (x86)\VMware\VMware Server\vmsvc.dll
2015-02-20 16:35 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 16:35 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 16:35 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\erik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^erik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^erik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\erik\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Apps Hat => C:\Users\erik\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
MSCONFIG\startupreg: AppsHat => C:\Users\erik\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CanonMyPrinter => E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Dxtory Update Checker 2.0 => E:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe
MSCONFIG\startupreg: EADM => "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Ocs_SM => C:\Users\erik\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: WebCake Desktop => "C:\Users\erik\AppData\Roaming\Web Cake\WebCakeDesktop.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-1290900567-4276527035-1124842236-500 - Administrator - Disabled)
erik (S-1-5-21-1290900567-4276527035-1124842236-1000 - Administrator - Enabled) => C:\Users\erik
fbwuser (S-1-5-21-1290900567-4276527035-1124842236-1004 - Limited - Disabled) => C:\Users\fbwuser
Gast (S-1-5-21-1290900567-4276527035-1124842236-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1290900567-4276527035-1124842236-1002 - Limited - Enabled)
__vmware_user__ (S-1-5-21-1290900567-4276527035-1124842236-1006 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Fredericus Rex
Description: GT-I9300
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co. Ltd.
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/07/2015 01:16:28 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Der angegebene Dienst ist kein installierter Dienst.
] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (03/07/2015 01:16:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070424, Der angegebene Dienst ist kein installierter Dienst.
]
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (03/07/2015 01:08:18 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (03/07/2015 01:08:17 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (03/07/2015 01:08:15 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (03/07/2015 01:08:10 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0
Error: (03/07/2015 01:07:58 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (03/07/2015 00:46:49 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Der angegebene Dienst ist kein installierter Dienst.
] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (03/07/2015 00:46:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070424, Der angegebene Dienst ist kein installierter Dienst.
]
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (03/07/2015 00:46:49 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Der angegebene Dienst ist kein installierter Dienst.
] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
System errors:
=============
Error: (03/07/2015 01:08:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (03/07/2015 01:07:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (03/07/2015 01:07:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (03/07/2015 01:06:13 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (03/07/2015 01:05:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware Server Web Access" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/07/2015 10:56:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2887069)
Error: (03/07/2015 10:51:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2887069)
Error: (03/07/2015 10:47:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Realtek11nSU erreicht.
Error: (03/07/2015 10:46:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (03/07/2015 10:46:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Microsoft Office Sessions:
=========================
Error: (03/07/2015 01:16:28 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070424, Der angegebene Dienst ist kein installierter Dienst.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (03/07/2015 01:16:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070424, Der angegebene Dienst ist kein installierter Dienst.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (03/07/2015 01:08:18 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (03/07/2015 01:08:17 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (03/07/2015 01:08:15 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (03/07/2015 01:08:10 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0
Error: (03/07/2015 01:07:58 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description:
Error: (03/07/2015 00:46:49 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070424, Der angegebene Dienst ist kein installierter Dienst.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (03/07/2015 00:46:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070424, Der angegebene Dienst ist kein installierter Dienst.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (03/07/2015 00:46:49 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070424, Der angegebene Dienst ist kein installierter Dienst.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
CodeIntegrity Errors:
===================================
Date: 2015-03-07 13:07:30.774
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-07 13:07:30.743
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-07 13:07:30.680
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-07 13:07:30.634
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-07 10:46:14.515
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-07 10:46:14.484
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-07 10:46:14.032
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-07 10:46:13.985
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 14:29:13.670
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-06 14:29:13.623
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 38%
Total physical RAM: 8168.79 MB
Available physical RAM: 4985.11 MB
Total Pagefile: 8166.97 MB
Available Pagefile: 4782.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:195.31 GB) (Free:12.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (media) (Fixed) (Total:503.32 GB) (Free:162.36 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: E4AD593A)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=503.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Geändert von Turtleclashe (07.03.2015 um 13:33 Uhr) |
|
07.03.2015, 18:44
| #12 |
| /// the machine /// TB-Ausbilder | Internetproblem durch Schadsoftware Frische FRST.txt bitte, keine Addition.txt. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.03.2015, 21:23
| #13 |
| | Internetproblem durch Schadsoftware Oh, tut mir leid. ^^ Das wäre jetzt die FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by erik (administrator) on ERIK-PC on 07-03-2015 21:21:49
Running from C:\Users\erik\Desktop
Loaded Profiles: erik (Available profiles: erik & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Apache Software Foundation) C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() E:\Program Files (x86)\RocketDock\RocketDock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\Run: [RocketDock] => E:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\erik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\erik\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1290900567-4276527035-1124842236-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-10-09] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-10-09] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-28] (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-10-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-10-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1290900567-4276527035-1124842236-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\erik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-18] (Unity Technologies ApS)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (VLC for YouTube™) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablmclcliiiegfmpbkfhnhipoejclmel [2013-11-03]
CHR Extension: (Google Docs) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-09]
CHR Extension: (Google Drive) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-09]
CHR Extension: (GeoGebra) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-11-23]
CHR Extension: (Adblock Plus) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-17]
CHR Extension: (Google Search) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-09]
CHR Extension: (No Name) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm [2015-02-10]
CHR Extension: (Avira SafeSearch) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-07]
CHR Extension: (Steam Market Filter) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdpoeanmcbopmmdomongbohbmiolmom [2015-01-04]
CHR Extension: (Avira Browser Safety) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-07]
CHR Extension: (Heroes & Generals) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-09-20]
CHR Extension: (Easy Video Downloader Express) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\laglhpkadeejnkgdiphnegpajimagcld [2014-11-23]
CHR Extension: (Google Wallet) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-09-07]
CHR Extension: (Gmail) - C:\Users\erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-28] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-20] () [File not signed]
R2 Hamachi2Svc; E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-05] ()
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe [121392 2009-10-20] (VMware, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe [322096 2009-10-20] ()
R2 VMwareServerWebAccess; C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [57344 2009-10-20] (Apache Software Foundation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-07-03] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-04] (Avira Operations GmbH & Co. KG)
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-07-03] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RDID1079; C:\Windows\System32\Drivers\rdwm1079.sys [199296 2009-09-17] (Roland Corporation)
S3 RTCore64; E:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EverestDriver; \??\C:\Users\erik\AppData\Local\Temp\EverestDriver.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\erik\Downloads\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 13:29 - 2015-03-07 13:29 - 00561576 _____ (Oracle Corporation) C:\Users\erik\Downloads\chromeinstall-8u40 (3).exe
2015-03-07 13:23 - 2015-03-07 13:23 - 00561576 _____ (Oracle Corporation) C:\Users\erik\Downloads\chromeinstall-8u40 (2).exe
2015-03-07 13:23 - 2015-03-07 13:23 - 00561576 _____ (Oracle Corporation) C:\Users\erik\Downloads\chromeinstall-8u40 (1).exe
2015-03-07 13:22 - 2015-03-07 13:22 - 00561576 _____ (Oracle Corporation) C:\Users\erik\Downloads\chromeinstall-8u40.exe
2015-03-07 13:16 - 2015-03-07 13:16 - 00046257 _____ () C:\Users\erik\Desktop\Addition.txt
2015-03-03 19:43 - 2015-03-05 21:14 - 00019526 _____ () C:\Users\erik\Desktop\test.odt
2015-03-03 19:39 - 2015-03-03 19:39 - 00000000 ____D () C:\Users\erik\Documents\Fax
2015-03-01 19:04 - 2015-03-01 19:04 - 00012245 _____ () C:\Users\erik\Desktop\Unbenannt 1.odt
2015-02-28 21:33 - 2015-03-02 19:14 - 00000439 _____ () C:\Users\erik\Desktop\Neues Textdokument.txt
2015-02-28 17:11 - 2015-02-28 17:11 - 00482240 _____ () C:\Users\erik\Downloads\setup (1).exe
2015-02-28 11:29 - 2015-02-28 11:29 - 00130376 _____ () C:\Users\erik\Desktop\waffenliste.zip
2015-02-28 11:26 - 2015-02-28 11:26 - 00718227 _____ () C:\Users\erik\Desktop\DerAlteMannUndDieSee.zip
2015-02-27 22:08 - 2015-02-27 22:08 - 00913737 _____ () C:\Users\erik\Desktop\Preisliste.zip
2015-02-27 22:08 - 2015-02-27 22:08 - 00000000 ____D () C:\Users\erik\Desktop\Annor
2015-02-27 22:07 - 2015-02-27 22:07 - 00107254 _____ () C:\Users\erik\Desktop\Charakterblatt.zip
2015-02-27 22:07 - 2015-02-27 22:07 - 00075344 _____ () C:\Users\erik\Desktop\Charakterblatt_kurz.zip
2015-02-27 22:06 - 2015-02-27 22:06 - 01134112 _____ () C:\Users\erik\Desktop\Kurzregeln.zip
2015-02-27 21:45 - 2015-02-27 21:45 - 00260571 _____ () C:\Users\erik\Desktop\Nasenhorn.zip
2015-02-24 20:31 - 2015-02-24 20:31 - 00020871 _____ () C:\Users\erik\Downloads\WG- Schule als Staat - Organisationsteam Politisches System - Treffen am 24.2. um 14 Uhr in R.101.html
2015-02-24 18:33 - 2015-02-24 18:33 - 00000000 ____D () C:\Users\erik\AppData\Local\Unity
2015-02-24 18:32 - 2015-02-24 18:33 - 01081088 _____ (Unity Technologies ApS) C:\Users\erik\Downloads\UnityWebPlayer.exe
2015-02-23 21:29 - 2015-02-23 21:29 - 00001064 _____ () C:\Users\erik\Desktop\checkup.txt
2015-02-23 21:12 - 2015-02-23 21:12 - 02347384 _____ (ESET) C:\Users\erik\Desktop\esetsmartinstaller_deu.exe
2015-02-23 21:12 - 2015-02-23 21:12 - 00852594 _____ () C:\Users\erik\Downloads\SecurityCheck (1).exe
2015-02-23 21:10 - 2015-03-07 21:21 - 00000000 _____ () C:\Users\erik\Desktop\FRST.txt
2015-02-23 21:10 - 2015-02-23 21:10 - 00852594 _____ () C:\Users\erik\Desktop\SecurityCheck.exe
2015-02-23 21:08 - 2015-03-07 21:21 - 00000000 ____D () C:\Users\erik\Desktop\FRST-OlderVersion
2015-02-21 22:44 - 2015-03-01 21:42 - 00449468 _____ () C:\Users\erik\Desktop\ErdkundeGFS.odp
2015-02-20 14:52 - 2015-02-20 14:51 - 00000000 ____D () C:\Users\erik\Downloads\Fresh fruits - Kopie
2015-02-20 14:51 - 2015-02-20 14:51 - 00000000 ____D () C:\Users\erik\Downloads\Fresh fruits
2015-02-20 13:32 - 2015-02-20 13:32 - 00000000 ____D () C:\Users\erik\AppData\Local\BitZipper
2015-02-20 13:32 - 2015-02-20 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitZipper
2015-02-20 13:32 - 2015-02-20 13:32 - 00000000 ____D () C:\Program Files (x86)\BitZipper
2015-02-19 11:32 - 2015-02-19 11:32 - 00008283 _____ () C:\Users\erik\AppData\Local\recently-used.xbel
2015-02-19 11:17 - 2015-02-19 11:17 - 00000000 ____D () C:\Users\erik\AppData\Local\Steam
2015-02-19 10:32 - 2015-02-19 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-15 11:47 - 2015-02-15 11:47 - 00001685 _____ () C:\Users\erik\Downloads\Mission2.zip
2015-02-14 19:35 - 2015-02-14 19:35 - 00000000 ____D () C:\Users\erik\AppData\Local\Sony Online Entertainment
2015-02-14 18:57 - 2015-02-14 18:57 - 00002158 _____ () C:\Users\Public\Desktop\HP Officejet 6600.lnk
2015-02-14 18:23 - 2015-02-14 18:23 - 00003596 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6600
2015-02-14 18:22 - 2015-02-14 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-14 18:21 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5D12.dll
2015-02-14 18:16 - 2015-02-14 18:16 - 00000000 ____D () C:\Program Files\HP
2015-02-14 18:03 - 2015-02-14 18:05 - 30407096 _____ () C:\Users\erik\Downloads\OJ6600_Basicx64_1315.exe
2015-02-14 18:02 - 2015-02-14 18:57 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{DA9A4C18-65A0-4DA8-B175-398AEFE804DB}
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{D560C8A8-5401-4716-A4E3-3BF75362EE13}
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{D2A05E0B-95A8-437B-98E7-3C51A51551C8}
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{808B866D-89FB-4D56-8716-22FAED38716B}
2015-02-12 22:15 - 2015-02-12 22:15 - 00002892 _____ () C:\Windows\System32\Tasks\{0236019B-D3E6-4F03-95E3-D27B1B812ED3}
2015-02-12 22:06 - 2015-02-12 22:06 - 00000000 ____D () C:\Users\erik\Documents\DPE
2015-02-12 22:01 - 2015-02-12 22:09 - 118744568 _____ () C:\Users\erik\Downloads\OJ6600_1315-1 (1).exe
2015-02-12 21:59 - 2015-02-12 21:59 - 00002892 _____ () C:\Windows\System32\Tasks\hpUrlLauncher.exe_{06C8F7F6-EDA5-4F2B-8224-D6AFA68DFDDD}
2015-02-12 21:51 - 2015-02-12 21:57 - 118744568 _____ () C:\Users\erik\Downloads\OJ6600_1315-1.exe
2015-02-12 21:48 - 2015-02-12 21:48 - 05325208 _____ (Piriform Ltd) C:\Users\erik\Downloads\ccsetup502.exe
2015-02-12 21:46 - 2015-02-12 21:46 - 00000000 ____D () C:\Users\erik\AppData\Roaming\TuneUp Software
2015-02-12 21:46 - 2015-02-12 21:46 - 00000000 ____D () C:\Users\erik\AppData\Local\TuneUp Software
2015-02-12 21:46 - 2015-02-12 21:46 - 00000000 ____D () C:\ProgramData\920876972493472ca3314c502ed99163
2015-02-12 21:45 - 2015-02-12 21:46 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-12 21:45 - 2015-02-12 21:45 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-12 17:26 - 2015-01-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 17:26 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 17:08 - 2015-02-12 17:08 - 00000000 ____D () C:\Users\erik\AppData\Local\CrashRpt
2015-02-11 13:59 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 13:59 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 13:59 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 13:59 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 13:59 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 13:59 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 13:59 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 13:59 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 13:59 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 13:59 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 13:59 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 13:59 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 13:59 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 13:59 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 13:59 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 13:59 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 13:59 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 13:59 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 13:59 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 13:59 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 13:59 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 13:59 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 13:59 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 13:59 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 13:59 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 13:59 - 2015-01-13 07:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 13:59 - 2015-01-13 07:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 13:59 - 2015-01-13 07:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 13:59 - 2015-01-13 07:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 13:59 - 2015-01-13 07:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 13:59 - 2015-01-13 07:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 13:59 - 2015-01-13 07:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 13:59 - 2015-01-13 07:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 13:59 - 2015-01-13 07:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 13:59 - 2015-01-13 07:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 13:59 - 2015-01-13 06:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 13:59 - 2015-01-13 06:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 13:59 - 2015-01-13 06:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 13:59 - 2015-01-13 06:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 13:59 - 2015-01-13 06:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 13:59 - 2015-01-13 05:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 13:59 - 2015-01-13 05:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 13:59 - 2015-01-13 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 13:59 - 2015-01-13 04:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-11 13:59 - 2015-01-13 04:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 13:59 - 2015-01-13 04:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-11 13:59 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 13:59 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 13:59 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 13:59 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 13:59 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 18:45 - 2015-02-10 18:45 - 01388274 _____ (Thisisu) C:\Users\erik\Desktop\JRT.exe
2015-02-10 18:45 - 2015-02-10 18:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 18:45 - 2015-02-10 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-10 18:45 - 2015-02-10 18:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-10 18:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 18:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-10 18:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-10 18:44 - 2015-02-10 18:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\erik\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-10 18:44 - 2015-02-10 18:44 - 02112512 _____ () C:\Users\erik\Desktop\AdwCleaner_4.110.exe
2015-02-10 17:28 - 2015-02-10 17:28 - 00000945 _____ () C:\Users\erik\Desktop\Open Broadcaster Software.lnk
2015-02-08 20:11 - 2015-02-08 21:14 - 00016871 _____ () C:\Users\erik\Desktop\GFS.odt
2015-02-08 16:01 - 2015-02-08 16:04 - 84839353 _____ () C:\Users\erik\Downloads\Tekkit_Server_v1.2.9e.zip
2015-02-08 15:57 - 2015-02-08 15:57 - 04620432 _____ () C:\Users\erik\Downloads\TechnicLauncher.exe
2015-02-08 12:17 - 2015-02-09 21:34 - 00015852 _____ () C:\Users\erik\Desktop\NwTProtokoll2.odt
2015-02-08 12:11 - 2015-02-08 12:11 - 04156942 _____ () C:\Users\erik\Desktop\NwTProtokoll.odt
2015-02-08 09:57 - 2015-02-15 11:12 - 00000000 ____D () C:\Users\erik\AppData\Roaming\HpUpdate
2015-02-08 09:57 - 2015-02-08 09:57 - 00000972 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-02-06 16:15 - 2015-02-06 16:15 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-02-06 15:46 - 2015-02-14 18:57 - 00000000 ____D () C:\ProgramData\HP
2015-02-06 15:42 - 2015-02-06 15:42 - 00000000 ____D () C:\Users\erik\AppData\Local\HP
2015-02-05 16:38 - 2015-02-05 17:25 - 00000000 ____D () C:\Users\erik\Documents\BFH Beta 2
2015-02-05 16:04 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-02-05 16:04 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-02-05 16:04 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-02-05 16:04 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-02-05 16:04 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-02-05 16:04 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-02-05 16:04 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-02-05 16:04 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-02-05 16:04 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-02-05 16:04 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-02-05 16:04 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-02-05 16:04 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-02-05 16:04 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-02-05 16:04 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-02-05 16:04 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-02-05 16:04 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-02-05 16:04 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-02-05 16:04 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-02-05 16:04 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-02-05 16:04 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-02-05 16:04 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-02-05 16:04 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-02-05 16:04 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-02-05 16:04 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-02-05 16:04 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-02-05 16:04 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-02-05 16:04 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-02-05 16:04 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-02-05 16:04 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-02-05 16:04 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-02-05 16:04 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-02-05 16:04 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-02-05 16:04 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-02-05 16:04 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-02-05 16:04 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-02-05 16:04 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-02-05 16:04 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-02-05 16:04 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-02-05 16:04 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-02-05 16:04 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-02-05 16:04 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-02-05 16:04 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-02-05 16:04 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-02-05 16:04 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-02-05 16:04 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-02-05 16:04 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-02-05 16:04 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-02-05 16:04 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-02-05 16:04 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-02-05 16:04 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-02-05 16:04 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-02-05 16:04 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-02-05 16:04 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-02-05 16:04 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-02-05 16:04 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-02-05 16:04 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-02-05 16:04 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-02-05 16:04 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-02-05 16:04 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-02-05 16:04 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-02-05 16:04 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-02-05 16:04 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-02-05 16:04 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-02-05 16:04 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-02-05 16:04 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-02-05 16:04 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-02-05 16:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-02-05 16:04 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-02-05 16:04 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-02-05 16:04 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-02-05 16:04 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-02-05 16:04 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-02-05 16:04 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-02-05 16:04 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-02-05 16:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-02-05 16:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-02-05 16:04 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-02-05 16:04 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-02-05 16:04 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-02-05 16:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-02-05 16:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-02-05 16:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-02-05 16:04 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-02-05 16:04 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-02-05 16:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-02-05 16:04 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-02-05 16:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-02-05 16:04 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-02-05 16:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-02-05 16:04 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-02-05 16:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-02-05 16:04 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-02-05 16:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-02-05 16:04 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-02-05 16:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-02-05 16:04 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-02-05 16:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-02-05 16:04 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-02-05 16:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-02-05 16:04 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-02-05 16:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-02-05 16:04 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-02-05 16:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-02-05 16:04 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-02-05 16:04 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 21:21 - 2015-02-01 17:24 - 02094592 _____ (Farbar) C:\Users\erik\Desktop\FRST64.exe
2015-03-07 21:21 - 2015-02-01 17:24 - 00000000 ____D () C:\FRST
2015-03-07 21:07 - 2013-10-16 19:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 20:57 - 2014-03-30 18:41 - 00103376 _____ () C:\Windows\setupact.log
2015-03-07 20:55 - 2013-10-16 19:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 17:49 - 2011-04-13 11:03 - 01449867 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 15:15 - 2013-05-09 16:23 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3BECF3B6-F14F-4810-917F-AC6386C003B6}
2015-03-07 15:04 - 2013-10-16 19:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 13:33 - 2009-07-14 05:45 - 00015280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 13:33 - 2009-07-14 05:45 - 00015280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 13:30 - 2014-07-06 10:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-07 13:30 - 2013-05-09 17:29 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-07 13:27 - 2014-07-04 16:10 - 00000000 ____D () C:\Users\erik\AppData\Local\LogMeIn Hamachi
2015-03-07 13:27 - 2013-10-18 14:41 - 00000000 ___RD () C:\Users\erik\Dropbox
2015-03-07 13:27 - 2013-10-18 14:38 - 00000000 ____D () C:\Users\erik\AppData\Roaming\Dropbox
2015-03-07 13:25 - 2014-11-08 12:35 - 00000000 ____D () C:\ProgramData\VMware
2015-03-07 13:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 13:24 - 2013-05-09 16:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-07 13:06 - 2014-03-30 18:40 - 00067630 _____ () C:\Windows\PFRO.log
2015-03-07 13:03 - 2015-02-01 18:07 - 00000000 ____D () C:\Users\erik\Desktop\Computerpobleme
2015-03-06 22:31 - 2013-05-19 18:05 - 00000000 ____D () C:\Users\erik\AppData\Roaming\TS3Client
2015-03-06 18:32 - 2013-10-19 15:57 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-06 18:32 - 2013-05-10 08:27 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-06 18:32 - 2013-05-09 20:19 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-06 18:28 - 2013-09-08 09:30 - 00000000 ____D () C:\ProgramData\Origin
2015-03-05 17:35 - 2014-04-24 16:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 17:35 - 2013-05-09 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 17:35 - 2013-05-09 17:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-04 14:22 - 2013-05-10 08:30 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-04 14:22 - 2013-05-09 17:34 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:22 - 2013-05-09 17:34 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 18:05 - 2015-02-01 15:58 - 00000000 ____D () C:\Users\erik\Desktop\Desktop 12 (1)
2015-03-03 18:04 - 2013-05-10 15:12 - 00000000 ____D () C:\Users\erik\AppData\Roaming\.technic
2015-02-28 17:11 - 2013-11-01 11:04 - 00000000 ____D () C:\Users\erik\AppData\Local\Deployment
2015-02-24 03:17 - 2013-05-09 17:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 22:08 - 2014-06-02 18:05 - 00000000 ____D () C:\Users\erik\Desktop\Fotos
2015-02-19 11:33 - 2013-06-13 17:38 - 00000000 ____D () C:\Users\erik\.gimp-2.8
2015-02-16 16:20 - 2014-07-17 12:41 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-02-15 22:44 - 2014-04-20 19:36 - 00000000 ____D () C:\Users\erik\AppData\Local\Arma 3
2015-02-14 18:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-14 10:09 - 2013-10-18 14:39 - 00000000 ____D () C:\Users\erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 21:50 - 2013-05-09 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-12 21:49 - 2014-03-21 21:31 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 18:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 16:54 - 2011-04-13 01:57 - 00261432 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 19:02 - 2014-02-10 19:18 - 00000000 ____D () C:\AdwCleaner
2015-02-10 18:16 - 2014-05-08 19:40 - 00000000 ____D () C:\Users\erik\AppData\Roaming\OBS
2015-02-10 18:16 - 2013-05-28 10:51 - 00000000 ____D () C:\Users\erik\AppData\Roaming\vlc
2015-02-10 17:28 - 2014-05-08 19:40 - 00000000 ____D () C:\Program Files\OBS
2015-02-10 17:28 - 2014-05-08 19:40 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-02-10 15:12 - 2009-07-14 18:58 - 00995582 _____ () C:\Windows\system32\perfh007.dat
2015-02-10 15:12 - 2009-07-14 18:58 - 00242420 _____ () C:\Windows\system32\perfc007.dat
2015-02-10 15:12 - 2009-07-14 06:13 - 00006980 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 15:57 - 2013-05-09 19:59 - 00000000 ____D () C:\Users\erik\AppData\Roaming\.minecraft
2015-02-08 12:09 - 2013-11-01 11:04 - 00000000 ____D () C:\Users\erik\AppData\Local\Apps\2.0
2015-02-05 16:39 - 2013-05-10 08:27 - 00000000 ____D () C:\Users\erik\AppData\Local\PunkBuster
2015-02-05 16:05 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2015-02-05 16:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-05 16:04 - 2014-04-20 19:35 - 00139440 _____ () C:\Windows\DirectX.log
2015-02-05 16:04 - 2013-05-09 20:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-05 14:02 - 2013-10-16 19:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:02 - 2013-10-16 19:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2014-04-24 17:21 - 2014-05-19 15:27 - 0000305 _____ () C:\Users\erik\AppData\Roaming\BreakingPoint_Login.ini
2014-04-24 16:40 - 2014-05-19 15:27 - 0001346 _____ () C:\Users\erik\AppData\Roaming\BreakingPoint_Options.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0000124 _____ () C:\Users\erik\AppData\Roaming\Camdata.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0000408 _____ () C:\Users\erik\AppData\Roaming\CamLayout.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0000408 _____ () C:\Users\erik\AppData\Roaming\CamShapes.ini
2014-05-08 16:54 - 2014-05-13 19:57 - 0004546 _____ () C:\Users\erik\AppData\Roaming\CamStudio.cfg
2015-01-06 00:04 - 2015-01-06 00:04 - 0049152 ___SH () C:\Users\erik\AppData\Roaming\Thumbs.db
2014-05-08 16:53 - 2014-05-13 19:14 - 0000096 _____ () C:\Users\erik\AppData\Roaming\version2.xml
2013-07-12 18:45 - 2014-04-08 21:00 - 0008704 _____ () C:\Users\erik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-19 11:32 - 2015-02-19 11:32 - 0008283 _____ () C:\Users\erik\AppData\Local\recently-used.xbel
2014-04-24 19:47 - 2014-06-19 12:12 - 0007613 _____ () C:\Users\erik\AppData\Local\Resmon.ResmonCfg
2015-02-06 16:15 - 2015-02-06 16:15 - 0000057 _____ () C:\ProgramData\Ament.ini
Files to move or delete:
====================
C:\Users\erik\ich.bat
Some content of TEMP:
====================
C:\Users\erik\AppData\Local\Temp\avgnt.exe
C:\Users\erik\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1kdqgd.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-05 17:30
==================== End Of Log ============================
|
|
08.03.2015, 14:49
| #14 |
| /// the machine /// TB-Ausbilder | Internetproblem durch Schadsoftware Da meine Frage jetzt zum zweiten Mal ignoriert wurde deute ich das mal als nein   Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Internetproblem durch Schadsoftware |
| adobe, antivir, avg, avira, bho, computer, desktop, explorer, flash player, google, helper, hijack, hijackthis, internet, internet explorer, log, logfile, netzwerk, nvidia, opera, problem, security, software, usb, windows |
WARNUNG an die MITLESER: 
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
